Feature/ssh server#92
Open
heman22union wants to merge 3 commits into
Open
Conversation
Adds an enable_ssh toggle (default off) that starts an OpenSSH server inside the container, allowing direct SSH access from VS Code, Mac terminal, or any SSH client. - enable_ssh: toggle (default false) - ssh_port: port to listen on (default 2222, exposed in addon ports) - ssh_authorized_keys: list of public keys; password auth disabled - host keys persisted in /data/ssh/ so client doesn't warn on restart Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…rized_keys bashio::config returns a raw string for single-item lists, not a JSON array. Detect the type and handle both cases. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
lcoppenr
added a commit
to lcoppenr/home-assistant-addons
that referenced
this pull request
Jun 7, 2026
Based on heman22union's PR heytcass#92 (heytcass#92). Adds opt-in SSH server with pubkey-only authentication: - enable_ssh toggle (default false) - ssh_port config (default 2222) - ssh_authorized_keys list - Persistent host keys in $ANTHROPIC_HOME/ssh/ Hardening applied on top of PR heytcass#92: - PermitRootLogin prohibit-password (was: yes) - KbdInteractiveAuthentication no - UsePAM no - X11Forwarding no - MaxAuthTries 3 - LoginGraceTime 30 - Explicit chmod 600 on host key private files - Warning when SSH enabled but no authorized keys configured Version bumped to 2.2.3.
lcoppenr
added a commit
to lcoppenr/home-assistant-addons
that referenced
this pull request
Jun 7, 2026
Based on heman22union's PR heytcass#92 (heytcass#92). Adds opt-in SSH server with pubkey-only authentication: - enable_ssh toggle (default false) - ssh_port config (default 2222) - ssh_authorized_keys list - Persistent host keys in $ANTHROPIC_HOME/ssh/ Hardening applied on top of PR heytcass#92: - PermitRootLogin prohibit-password (was: yes) - KbdInteractiveAuthentication no - UsePAM no - X11Forwarding no - MaxAuthTries 3 - LoginGraceTime 30 - Explicit chmod 600 on host key private files - Warning when SSH enabled but no authorized keys configured Version bumped to 2.2.3.
Merged
4 tasks
lcoppenr
added a commit
to lcoppenr/home-assistant-addons
that referenced
this pull request
Jul 8, 2026
Based on heman22union's PR heytcass#92 (heytcass#92). Adds opt-in SSH server with pubkey-only authentication: - enable_ssh toggle (default false) - ssh_port config (default 2222) - ssh_authorized_keys list - Persistent host keys in $ANTHROPIC_HOME/ssh/ Hardening applied on top of PR heytcass#92: - PermitRootLogin prohibit-password (was: yes) - KbdInteractiveAuthentication no - UsePAM no - X11Forwarding no - MaxAuthTries 3 - LoginGraceTime 30 - Explicit chmod 600 on host key private files - Warning when SSH enabled but no authorized keys configured Version bumped to 2.2.3.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds an opt-in SSH server so you can connect to the addon container directly from VS Code Remote, a Mac terminal, or any SSH client — without going through the web terminal.
Three new options:
enable_ssh— toggle, defaultfalsessh_port— port to listen on, default2222(also exposed in addon port mappings)ssh_authorized_keys— list of public keys; password authentication is disabledUsage
enable_ssh: truein addon configcat ~/.ssh/id_ed25519.pub) intossh_authorized_keysssh root@<ha-ip> -p 2222ssh root@<ha-ip> -p 2222 -t "tmux attach -t claude"Implementation notes
$ANTHROPIC_HOME/ssh/(which respectsclaude_data_pathif set) so your SSH client won't warn about key changes on container restartauthorized_keysis written to$HOME/.ssh/authorized_keys— correctly followsclaude_data_pathif configuredbashio::configreturns a raw string for single-item lists rather than a JSON array — the key writing handles both casesTest plan
enable_ssh: false(default) — no sshd runningtmux attach -t claudeover SSH attaches to the running Claude sessionclaude_data_pathset to a non-default path