Securing

One major advantage of Home Assistant is that it’s not dependent on cloud services. Even if you’re only using Home Assistant on a local network, you should take steps to secure your instance.

Checklist

• Protect your web interface with a password
• Secure your host. Sources could be Red Hat Enterprise Linux 7 Security Guide, CIS Red Hat Enterprise Linux 7 Benchmark, or the Securing Debian Manual.
• Restrict network access to your devices. Set PermitRootLogin no in your sshd config (usually /etc/ssh/sshd_config) and to use SSH keys for authentication instead of passwords.
• Don’t run Home Assistant as root – consider the Principle of Least Privilege.
• Keep your secrets safe.

If you want to allow remote access, consider these additional points:

• Protect your communication with TLS/SSL.
• Protect your communication with Tor.
• Protect your communication with a self-signed certificate.
• Use a proxy.