Securing
One major advantage of Home Assistant is that it’s not dependent on cloud services. Even if you’re only using Home Assistant on a local network, you should take steps to secure your instance.
Checklist
- Protect your web interface with a password
- Secure your host. Sources could be Red Hat Enterprise Linux 7 Security Guide, CIS Red Hat Enterprise Linux 7 Benchmark, or the Securing Debian Manual.
- Restrict network access to your devices. Set `PermitRootLogin no` in your sshd config (usually `/etc/ssh/sshd_config`) and use SSH keys for authentication instead of passwords.
- Don’t run Home Assistant as root – consider the Principle of Least Privilege.
- Keep your secrets safe.
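An added example for the sshd item above (not part of the Home Assistant documentation): a small audit that reports the value sshd would actually use for `PermitRootLogin` and `PasswordAuthentication` in the global section of a config file. The function names and sample file are hypothetical; it assumes whitespace-separated `Keyword value` lines and does not follow `Include` directives.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.

# Print the lowercased value sshd would use for keyword $2 in file $1, or
# fallback $3 if it is unset. sshd keeps the FIRST value it reads for a
# keyword, keywords are case-insensitive, and "Match" opens a conditional
# section that is not part of the global settings.
sshd_effective() {
    awk -v key="$2" -v fallback="$3" '
        BEGIN { key = tolower(key); val = fallback }
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == key && NF >= 2 { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Return 0 only if root login is disabled and password logins are off.
# Fallbacks are upstream OpenSSH defaults (assumption: your distribution
# may compile in different ones).
audit_sshd() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root (want no)"; rc=1; }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=$pass (want no)"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK $1"
    return "$rc"
}

# Constructed sample: the later "PermitRootLogin no" is ignored because an
# earlier line already set the keyword, a common cause of false confidence.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's config
permitrootlogin yes
PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then audit_sshd "$1"; fi
```

On a live host, `sshd -T` (run as root) prints the effective configuration, including compiled-in defaults and included files, and is the authoritative check.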
If you want to allow remote access, consider these additional points:
- Protect your communication with TLS/SSL.
- Protect your communication with Tor.
- Protect your communication with a self-signed certificate.
- Use a proxy.