mirror of
https://github.com/home-assistant/home-assistant.io.git
synced 2025-04-27 23:07:34 +00:00
2.2 KiB
2.2 KiB
| layout | title | description | date | sidebar | comments | sharing | footer | redirect_from |
|---|---|---|---|---|---|---|---|---|
| page | Securing | Instructions on how to secure your Home Assistant installation. | 2016-10-06 06:00 | true | false | true | true | /getting-started/securing/ |
One major advantage of Home Assistant is that it's not dependent on cloud services. Even if you're only using Home Assistant on a local network, you should take steps to secure your instance.
{% linkable_title Checklist %}
- Protect your web interface with a password
- Secure your host. Sources could be Red Hat Enterprise Linux 7 Security Guide, CIS Red Hat Enterprise Linux 7 Benchmark, or the Securing Debian Manual.
- Restrict network access to your devices. Set
PermitRootLogin noin your sshd config (usually/etc/ssh/sshd_config) and to use SSH keys for authentication instead of passwords. - Don't run Home Assistant as root – consider the Principle of Least Privilege.
- Keep your secrets safe.
If you want to allow remote access, consider these additional points:
- Protect your communication with TLS/SSL.
- Protect your communication with Tor.
- Protect your communication with a self-signed certificate.
- Use a proxy.
- Set up a VPN
- Use a SSH tunnel to connect to your frontend.
If you've forwarded any ports to your Home Assistant system from the Internet then it *will* be found by others. Whether through services like Shodan, or direct port scanning, all systems on the Internet are routinely probed for accessible services. If you fail to set a password then it is simply a matter of time before somebody finds your system - potentially as little as a few hours.