terminal and SSH stopped working #4233
Description
Describe the issue you are experiencing
I used to connect to my home-assistant using SSH, often in IPv6 and always using a ED25519 key.
I noticed recently that the connection was refused. Using "ssh -v" on the client side, I see it offers the ED25519 key, but this is not accepted and at the end the client fails with a single message "Permission denied (publickey)."
Nothing has been changed on the keys, and it is an automated process that connects to home-assistant, and has done so since years, so I know all keys are correct.
What type of installation are you running?
Home Assistant OS
Which operating system are you running on?
Debian
Which add-on are you reporting an issue with?
Terminal & SSH
What is the version of the add-on?
9.20.1
Steps to reproduce the issue
- on a remote computer, run "ssh -v home-assistant -i the-key-file -o IdentitiesOnly=yes" (where "home-assistant" is the host name known to the local DNS).
- get the messages (some hash values have been redacted for security reasons):
(lehrin) luc% ssh -v -i /home/luc/.ssh/id_ed25519 -o IdentitiesOnly=yes home-assistant
debug1: OpenSSH_10.2p1 Debian-2, OpenSSL 3.5.4 30 Sep 2025
debug1: Reading configuration data /home/luc/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to home-assistant [] port 22.
debug1: Connection established.
debug1: loaded pubkey from /home/luc/.ssh/id_ed25519:
debug1: identity file /home/luc/.ssh/id_ed25519 type 2
debug1: no identity pubkey loaded from /home/luc/.ssh/id_ed25519
debug1: Local version string SSH-2.0-OpenSSH_10.2p1 Debian-2
debug1: Remote protocol version 2.0, remote software version OpenSSH_10.0
debug1: compat_banner: match: OpenSSH_10.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to home-assistant:22 as 'luc'
debug1: load_hostkeys: fopen /home/luc/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: compression: none
debug1: kex: client->server cipher: [email protected] MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519
debug1: load_hostkeys: fopen /home/luc/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'home-assistant' is known and matches the ED25519 host key.
debug1: Found key in /home/luc/.ssh/known_hosts:203
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256>
debug1: kex_ext_info_check_ver: [email protected]=<0>
debug1: kex_ext_info_check_ver: [email protected]=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256>
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /home/luc/.ssh/id_ed25519 ED25519 SHA256: explicit
debug1: Offering public key: /home/luc/.ssh/id_ed25519 ED25519 SHA256: explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
luc@home-assistant: Permission denied (publickey).
(lehrin) luc%
System Health information
System Information
| version | core-2025.11.2 |
|---|---|
| installation_type | Home Assistant OS |
| dev | false |
| hassio | true |
| docker | true |
| container_arch | amd64 |
| user | root |
| virtualenv | false |
| python_version | 3.13.9 |
| os_name | Linux |
| os_version | 6.12.51-haos |
| arch | x86_64 |
| timezone | Europe/Paris |
| config_dir | /config |
Home Assistant Cloud
| logged_in | false |
|---|---|
| can_reach_cert_server | ok |
| can_reach_cloud_auth | ok |
| can_reach_cloud | ok |
Home Assistant Supervisor
| host_os | Home Assistant OS 16.3 |
|---|---|
| update_channel | stable |
| supervisor_version | supervisor-2025.11.2 |
| agent_version | 1.7.2 |
| docker_version | 28.3.3 |
| disk_total | 30.8 GB |
| disk_used | 6.0 GB |
| nameservers | 192.168.126.234, 192.168.126.232, 2a03:7220:8088:401::b40c:1 |
| healthy | true |
| supported | true |
| host_connectivity | true |
| supervisor_connectivity | true |
| ntp_synchronized | true |
| virtualization | kvm |
| board | ova |
| supervisor_api | ok |
| version_api | ok |
| installed_addons | ESPHome Device Builder (2025.10.5), NGINX Home Assistant SSL proxy (3.14.0), File editor (5.8.0), Terminal & SSH (9.20.1), Mosquitto broker (6.5.2) |
Dashboards
| dashboards | 2 |
|---|---|
| resources | 0 |
| views | 1 |
| mode | storage |
Network Configuration
| adapters | lo (disabled), enp0s2 (enabled, default, auto), hassio (disabled), docker0 (disabled), veth34b381d (disabled), veth87243ab (disabled), veth36f2856 (disabled), veth0123ca8 (disabled), veth203da5c (disabled), vetha250e40 (disabled), vethc412140 (disabled), veth90cfbee (disabled) |
|---|---|
| ipv4_addresses | lo (127.0.0.1/8), enp0s2 (192.168.126.213/24), hassio (172.30.32.1/23), docker0 (172.30.232.1/23), veth34b381d (), veth87243ab (), veth36f2856 (), veth0123ca8 (), veth203da5c (), vetha250e40 (), vethc412140 (), veth90cfbee () |
| ipv6_addresses | lo (::1/128), enp0s2 (2a03:7220:8088:401::4055:1/64, fe80::1f53:521f:4a29:54e/64), hassio (fe80::d4e0:98ff:fe40:99c4/64), docker0 (fe80::a2:8aff:fedd:2ea5/64), veth34b381d (fe80::b834:b4ff:feef:4ce0/64), veth87243ab (fe80::1891:5fff:fe6d:ab03/64), veth36f2856 (fe80::6ce3:2fff:fed7:5e9b/64), veth0123ca8 (fe80::dcfc:94ff:feb5:9225/64), veth203da5c (fe80::4476:79ff:fe23:2d23/64), vetha250e40 (fe80::f4aa:5ff:feed:27a1/64), vethc412140 (fe80::1c69:cdff:fe2b:28ba/64), veth90cfbee (fe80::a431:e9ff:fe5d:dd7c/64) |
| announce_addresses | 192.168.126.213, 2a03:7220:8088:401::4055:1, fe80::1f53:521f:4a29:54e |
Recorder
| oldest_recorder_run | 7 novembre 2025 à 16:12 |
|---|---|
| current_recorder_run | 17 novembre 2025 à 20:31 |
| estimated_db_size | 30.84 MiB |
| database_engine | sqlite |
| database_version | 3.49.2 |
Anything in the Supervisor logs that might be useful for us?
no relevant messages found in the system logsAnything in the add-on logs that might be useful for us?
Additional information
No response