One major advantage of Home Assistant is that it’s not dependent on cloud services. Even if you’re only using Home Assistant on a local network, you should take steps to secure your instance.
Here’s the summary of what you must do to secure your Home Assistant system:
- Configure secrets (but do remember to back them up)
- Regularly keep the system up to date
Another option is to use TLS/SSL via the Duck DNS add-on (which integrates Let’s Encrypt) or the Let’s Encrypt add-on. To expose your instance to the internet, use a VPN or an SSH tunnel. Make sure the port you use is exposed in your router.
In addition to the above, we advise that you consider the following to improve security:
- For systems that use SSH, set `PermitRootLogin no` in your sshd configuration (usually `/etc/ssh/sshd_config`) and use SSH keys for authentication instead of passwords. This is particularly important if you enable remote access to your SSH services.
- Lock down the host following good practice guidance, for example:
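
For the SSH item in the list above, the following added example (not part of the Home Assistant documentation) is a shell function that reports whether an sshd configuration file sets `PermitRootLogin no` and turns off password logins. It assumes a single file using `Keyword value` lines with no `Include` or `Match` blocks; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings discussed above.
# Assumption: one file, "Keyword value" syntax, no Include or Match blocks.

# Print the effective (lowercased) value of keyword $2 in file $1.
# sshd keeps the FIRST value it reads for a keyword, and keyword names are
# case-insensitive, so a later "PermitRootLogin no" does not override an
# earlier "permitrootlogin yes".
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                                  # comment line
        NF >= 2 && tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if root login is disabled and password logins are off.
audit_sshd_config() {
    file=$1
    rc=0
    root=$(sshd_effective "$file" PermitRootLogin)
    pass=$(sshd_effective "$file" PasswordAuthentication)
    # Upstream OpenSSH defaults apply when a keyword is absent.
    root=${root:-prohibit-password}
    pass=${pass:-yes}
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '$root', expected 'no'"
        rc=1
    fi
    if [ "$pass" != "no" ]; then
        echo "FAIL: PasswordAuthentication is '$pass', password logins accepted"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: root login disabled, key-based logins only"
    return "$rc"
}

# Constructed sample files (not taken from a real system).
weak=$(mktemp)
hardened=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'permitrootlogin yes' 'PermitRootLogin no' > "$weak"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' > "$hardened"
audit_sshd_config "$weak" || true
audit_sshd_config "$hardened"
rm -f "$weak" "$hardened"
```

To check a real host, call `audit_sshd_config /etc/ssh/sshd_config`; where available, `sshd -T` prints the configuration the daemon actually resolves, including any included files.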