mirror of
https://github.com/home-assistant/home-assistant.io.git
synced 2025-05-18 08:58:58 +00:00

* Split MQTT documentation * Add more details * Move content to /docs * Enable sidebar * Move content to /docs * Enable sidebar * Move content * Update links * Remove wizard stuff * Enable sidebar * Minor changes * Move MQTT parts to /docs * update links * Update links and sync content * Fix link * Enable sidebar * Remove navigation * Remove navigation and other minor updates * Update links * Add overview page * Make title linkable * Update * Plit content * Update links * Rearrange content * New getting-started section * Add icons for docs * Update for new structure * Update for new structure * Add docs navigation * Add docs overview page * Remove ecosystem navigation * Add docs and remove other collections * Move ecosystem to docs * Remove duplicate files * Re-add ecosystem overview * Move to ecosystem * Fix permission * Update navigation * Remove collection * Move overview to right folder * Move mqtt to upper level * Move notebook to ecosystem * Remove un-used files * Add one more rectangle for iOS * Move two parts back from docs and rename Run step * Remove colon * update getting-started section * Add redirect * Update * Update navigation
31 lines
1.7 KiB
Markdown
31 lines
1.7 KiB
Markdown
---
|
||
layout: page
|
||
title: "Securing"
|
||
description: "Instructions how to secure your Home Assistant installation."
|
||
date: 2016-10-06 06:00
|
||
sidebar: true
|
||
comments: false
|
||
sharing: true
|
||
footer: true
|
||
redirect_from: /getting-started/securing/
|
||
---
|
||
|
||
One major advantage of Home Assistant is that it's not dependent on cloud services. Even if you're only using Home Assistant on a local network, you should take steps to secure your instance.
|
||
|
||
### {% linkable_title Checklist %}
|
||
|
||
- [Protect your web interface with a password](https://home-assistant.io/getting-started/basic/#password-protecting-the-web-interface)
|
||
- Secure your host. Sources could be [Red Hat Enterprise Linux 7 Security Guide](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf/Security_Guide/Red_Hat_Enterprise_Linux-7-Security_Guide-en-US.pdf), [CIS Red Hat Enterprise Linux 7 Benchmark](https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.0.0.pdf), or the [Securing Debian Manual](https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html).
|
||
- Restrict network access to your devices. Set `PermitRootLogin no` in your sshd config (usually `/etc/ssh/sshd_config`) and to use SSH keys for authentication instead of passwords.
|
||
- Don't run Home Assistant as root – consider the Principle of Least Privilege.
|
||
- Keep your [secrets](/topics/secrets/) safe.
|
||
|
||
If you want to allow remote access, consider these additional points:
|
||
|
||
- Protect your communication with [TLS](/blog/2015/12/13/setup-encryption-using-lets-encrypt/)
|
||
- Protect your communication with [Tor](/cookbook/tor_configuration/)
|
||
- Protect your communication with a [self-signed certificate](/cookbook/tls_self_signed_certificate/)
|
||
- Use a [proxy](/cookbook/apache_configuration/)
|
||
|
||
|