Add optional SSH host key persistence

Adds a new boolean option, `persist_ssh_host_keys`, to allow users to persist SSH host keys in the /data directory and that secure permissions are set.

Author: cw-cdz

vscode-remote-ssh/DOCS.md

@@ -6,4 +6,8 @@ Enables you to connect to Home Assistant via Visual Studio Code Remote SSH.
 
 ### Option: `ssh_keys`
 
-List of ssh keys that are allowed to connect
+List of ssh keys that are allowed to connect
+
+### Option: `persist_ssh_host_keys` (Optional)
+
+If set to `true`, the add-on will store the SSH host keys in a persistent location (`/data`). This prevents the host key from changing after an add-on update or restart, avoiding "REMOTE HOST IDENTIFICATION HAS CHANGED" errors on the client. Defaults to `false`.

vscode-remote-ssh/README.md

@@ -22,7 +22,11 @@ _Example configuration_:
 Addon:
 ```yaml
 ssh_keys: ["ssh-rsa yourverylongsshkey", "ssh-ed25519 andanotherone"]
+
+# Optional:
+persist_ssh_host_keys: true
 ```
+_The `persist_ssh_host_keys` option, when `true`, also stores the SSH host keys in the persistent `/data` directory. This maintains a stable host identity, which is standard practice for SSH servers and prevents `known_hosts` errors on the client._
 
 VS-Code ssh config ($HOME/.ssh/config):
 ```

vscode-remote-ssh/config.yaml

@@ -3,7 +3,7 @@ version: 1.0.43
 slug: vscode-remote-ssh
 description: Enables you to connect to Home Assistant via Visual Studio Code Remote
   SSH.
-url: https://github.com/mietzen/hassio-addons/tree/master/vscode-remote-ssh
+url: https://github.com/mietzen/hassio-addons/tree/main/vscode-remote-ssh
 arch:
 - armhf
 - armv7
@@ -25,7 +25,9 @@ ports:
   22/tcp: 22000
 options:
   ssh_keys: []
+  persist_ssh_host_keys: false
 schema:
   ssh_keys:
   - str
+  persist_ssh_host_keys: bool?
   log_level: list(debug|info|warning|error)?

vscode-remote-ssh/rootfs/run.sh

@@ -12,6 +12,37 @@ bashio::log.notice 'Symlinking home directory to persistent storage.'
 rm -rf /root
 ln -s /data/root /root
 
+# Conditionally persist SSH host keys to survive container updates
+if bashio::config.true 'persist_ssh_host_keys'; then
+    bashio::log.notice "Host key persistence is enabled."
+
+    # On first run, move the original /etc/ssh directory to the persistent /data location
+    if ! [ -d /data/ssh ]; then
+        bashio::log.notice 'Initializing persistent SSH directory from /etc/ssh...'
+        mv /etc/ssh /data/ssh
+    fi
+
+    # Ensure the standard /etc/ssh path is always a symlink to our persistent storage
+    bashio::log.notice 'Linking /etc/ssh to persistent storage at /data/ssh.'
+    rm -rf /etc/ssh
+    ln -s /data/ssh /etc/ssh
+
+    # If no host keys exist in the persistent directory, generate the full default set.
+    if ! find /data/ssh -name "ssh_host_*_key" -print -quit | grep -q .; then
+        bashio::log.warning 'No SSH host keys found in persistent storage. Generating new set for first-time use...'
+        ssh-keygen -A
+        bashio::log.notice 'Default set of host keys generated in /data/ssh.'
+    fi
+
+    # Enforce secure permissions on the host keys and configuration
+    bashio::log.notice 'Verifying permissions for persistent SSH files...'
+    chmod 600 /data/ssh/ssh_host_*_key 2>/dev/null || true
+    chmod 644 /data/ssh/ssh_host_*_key.pub 2>/dev/null || true
+    chmod 644 /data/ssh/sshd_config 2>/dev/null || true
+else
+    bashio::log.notice "Host key persistence is disabled. Keys will be ephemeral."
+fi
+
 # Check ssh_keys
 if bashio::config.is_empty 'ssh_keys'; then
     bashio::log.fatal 'Invalid configuration.'

vscode-remote-ssh/translations/de.yaml

@@ -2,3 +2,6 @@ configuration:
   ssh_keys:
     name: Autorisierte SSH Schlüssel
     description: SSH Schlüssel denen es erlaubt ist sich mit dem Visual Studio Code Remote SSH Server zu verbinden.
+  persist_ssh_host_keys:
+    name: SSH-Host-Schlüssel beibehalten
+    description: Wenn auf 'true' gesetzt, werden die SSH-Host-Schlüssel im /data-Ordner gespeichert, um Container-Updates zu überstehen.

vscode-remote-ssh/translations/en.yaml

@@ -2,3 +2,6 @@ configuration:
   ssh_keys:
     name: Authorized SSH Keys
     description: SSH keys that are authorized to connect to the Visual Studio Code Remote SSH Server.
+  persist_ssh_host_keys:
+    name: Persist SSH Host Keys
+    description: If true, the SSH host keys will be persisted in the /data folder to survive container updates.