jeena/home-assistant.github.io
1
0
Fork 0
Code Issues Pull requests Projects Packages Wiki Activity Actions
home-assistant.github.io/blog/2017/11/02/secure-shell-tunnel/index.html
Travis CI e7b29cb462 Site updated at 2017-11-02 11:12:03 UTC
2017-11-02 11:12:04 +00:00

252 lines
15 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie9"> <![endif]-->
<!--[if gt IE 8]><!--> <html> <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Home Assistant and SSH - Home Assistant</title>
<meta name="author" content="Fabian Affolter">
<meta name="description" content="Accessing Home Assistant through a secure shell tunnel.">
<meta name="viewport" content="width=device-width">
<link rel="canonical" href="https://home-assistant.io/blog/2017/11/02/secure-shell-tunnel/">
<meta property="fb:app_id" content="338291289691179">
<meta property="og:title" content="Home Assistant and SSH">
<meta property="og:site_name" content="Home Assistant">
<meta property="og:url" content="https://home-assistant.io/blog/2017/11/02/secure-shell-tunnel/">
<meta property="og:type" content="article">
<meta property="og:description" content="Accessing Home Assistant through a secure shell tunnel.">
<meta property="og:image" content="https://home-assistant.io/images/blog/2017-11-ssh/social.png">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:site" content="@home_assistant">
<meta name="twitter:creator" content="@fabaff">
<meta name="twitter:title" content="Home Assistant and SSH">
<meta name="twitter:description" content="Accessing Home Assistant through a secure shell tunnel.">
<meta name="twitter:image" content="https://home-assistant.io/images/blog/2017-11-ssh/social.png">
<link href="/stylesheets/screen.css" media="screen, projection, print" rel="stylesheet">
<link href="/atom.xml" rel="alternate" title="Home Assistant" type="application/atom+xml">
<link rel='shortcut icon' href='/images/favicon.ico' />
<link rel='icon' type='image/png' href='/images/favicon-192x192.png' sizes='192x192' />
</head>
<body >
<header class='site-header'>
<div class="grid-wrapper">
<div class="grid">
<div class="grid__item three-tenths lap-two-sixths palm-one-whole ha-title">
<a href="/" class="site-title">
<img width='40' src='/demo/favicon-192x192.png'>
<span>Home Assistant</span>
</a>
</div>
<div class="grid__item seven-tenths lap-four-sixths palm-one-whole">
<nav>
<input type="checkbox" id="toggle">
<label for="toggle" class="toggle" data-open="Main Menu" data-close="Close Menu"></label>
<ul class="menu pull-right">
<li><a href="/getting-started/">Getting started</a></li>
<li><a href="/components/">Components</a></li>
<li><a href="/docs/">Docs</a></li>
<li><a href="/cookbook/">Examples</a></li>
<li><a href="/developers/">Developers</a></li>
<li><a href="/blog/">Blog</a></li>
<li><a href="/help/">Need help?</a></li>
<li><a href='#' class='show-search'><i class="icon-search"></i></a></li>
</ul>
</nav>
<div class='search-container' style='display: none'>
<div class='search'>
<i class="icon-search"></i>
<input id='search' placeholder='Search the docs…'>
<a href='#' class='close'><i class="icon-remove-sign"></i></a>
</div>
</div>
</div>
</div>
</div>
</header>
<div class="grid-wrapper">
<div class="grid grid-center">
<div class="grid__item two-thirds lap-one-whole palm-one-whole">
<article class="post">
<header>
<h1 class="title indent">Home Assistant and SSH</h1>
<div class="meta clearfix">
<time datetime="2017-11-02T10:00:00+00:00" pubdate data-updated="true"><i class="icon-calendar"></i> November 02, 2017</time>
<span class="byline author vcard"><i class='icon-user'></i> Fabian Affolter</span>
<span><i class='icon-time'></i> three minutes reading time</span>
<span>
<i class="icon-tags"></i>
<ul class="tags unstyled">
<li>How-To</li>
</ul>
</span>
<a class='comments'
href="#disqus_thread"
>Comments</a>
</div>
</header>
<p>Most system engineers are very familiar with <a href="https://en.wikipedia.org/wiki/Secure_Shell">SSH (Secure shell)</a>. This tool which contains a server part and a client part is used to access a remote system in a secure way. It can also help you if your are running Home Assistant but dont want to expose it to the public. On a Linux system SSH is often available by default. If you are using a Windows installation additional steps are required which are not covered here.</p>
<p>In this blog post we are going to use the tunneling option of SSH to create a secure connection and forward the Home Assistant frontend to a local system.</p>
<a name="read-more"></a>
<p>The involved parties are:</p>
<ul>
<li><strong>Remote system</strong>: Where Home Assistant is running, usually in your home network.</li>
<li><strong>Local system</strong>: Where you want to see the frontend.</li>
</ul>
<p>The prerequirements are that you need to allow the forwarding of port 22 from your router to the system where Home Assistant is running in your network. It might also be needed that you enable the SSH daemon by <code class="highlighter-rouge">$ sudo systemctl start sshd</code> on the remote system and to adjust the host firewall. If you are running <a href="https://home-assistant.io/hassio/">Hass.io</a> then enable the <a href="https://home-assistant.io/addons/ssh/">SSH Server add-on</a>. You must also have a public IP address or hostname which can be provided by dynamic DNS (e.g., <a href="https://www.noip.com/">NO-IP</a> or <a href="https://www.duckdns.org/">DuckDNS</a>).
On your local system you need only a SSH client and you need to be in a network where SSH is allowed.</p>
<p>First lets have a look at the command we are going to use. Use <code class="highlighter-rouge">man ssh</code> to get more information.</p>
<div class="language-bash highlighter-rouge"><pre class="highlight"><code><span class="gp">$ </span>ssh -L 8000:localhost:8123 user@[IP_ADDRESS_REMOTE]
| | | | | |
| | | | | |_ IP address or hostname of your router.
| | | | |_ Username on the remote system.
| | | |_ Port where the application is running.
| | |_ We want the frontend on this system.
| |_ The port on our <span class="nb">local </span>system to use <span class="o">(</span>above 1024<span class="o">)</span>.
|_ We want to <span class="k">do </span><span class="nb">local </span>port forwarding.
</code></pre>
</div>
<p>A possible example could look like the command below.</p>
<div class="language-bash highlighter-rouge"><pre class="highlight"><code><span class="gp">$ </span>ssh -L 8000:localhost:8123 ha@192.168.0.11
</code></pre>
</div>
<p>The first time you establish the connection you need to accept the fingerprint.</p>
<div class="language-bash highlighter-rouge"><pre class="highlight"><code>The authenticity of host <span class="s1">'192.168.0.11 (192.168.0.11)'</span> can<span class="s1">'t be established.
ECDSA key fingerprint is SHA256:asdf2faasd4gk45454fadr78wfadfasdfeg4vvvsae33.
ECDSA key fingerprint is MD5:44:d4:f7:44:d4:aa:b8:de:ef:09:3e:0d:4e:12:11:09.
Are you sure you want to continue connecting (yes/no)?
Warning: Permanently added '</span>192.168.0.162<span class="s1">' (ECDSA) to the list of known hosts.
ha@192.168.0.11'</span>s password:
Last login: Fri Oct 27 17:50:09 2017
<span class="o">[</span>ha@home-assistant ~]<span class="nv">$ </span>
</code></pre>
</div>
<p>Now you are able to use your frontend on your local system: <a href="http://localhost:8000">http://localhost:8000</a></p>
<p>Things to keep in mind:</p>
<ul>
<li>You need a public IP address or hostname (Dynamic DNS will work) if you want to use it from the internet.</li>
<li>You need to setup port forwarding on your router.</li>
<li>Dont allow <code class="highlighter-rouge">root</code> to use SSH. Set <code class="highlighter-rouge">PermitRootLogin no</code> on the remote system.</li>
<li>Your local port must be above 1024. Only <code class="highlighter-rouge">root</code> is allowed to forward privileged ports which are below 1024.</li>
<li>Use <a href="https://docs-old.fedoraproject.org/en-US/Fedora/14/html/Deployment_Guide/s2-ssh-configuration-keypairs.html">SSH keys for authentication</a> instead of passwords to avoid bruteforce attacks.</li>
</ul>
</article>
<section id="disqus">
<h3 class="indent title">Comments</h3>
<div id="disqus_thread" aria-live="polite"><noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript></div>
</section>
</div>
<aside id="sidebar" class="grid__item one-third lap-one-whole palm-one-whole">
<div class="grid">
<section class="aside-module grid__item one-whole lap-one-half">
<h1 class="title delta">About Home Assistant</h1>
<ul class="divided">
<li>
Home Assistant is an open-source home automation platform running on Python 3. Track and control all devices at home and automate control.
</li>
<li><a href='/getting-started/'>Get started with Home Assistant</a></li>
<li><a href='/demo/'>Try the online demo</a></li>
<li><a class="twitter-follow-button" href="https://twitter.com/Home_Assistant">Follow Home Assistant on Twitter</a></li>
<li><div class="fb-like" data-href="https://www.facebook.com/homeassistantio/" data-layout="standard" data-action="like" data-size="small" data-show-faces="true" data-share="false"></div></li>
</ul>
</section>
<div id="fb-root"></div>
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.async=true;js.src='//platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>
<script>(function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(d.getElementById(id)){return;}js=d.createElement(s);js.id=id;js.async=true;js.src="//connect.facebook.net/en_US/all.js#appId=338291289691179&xfbml=1";fjs.parentNode.insertBefore(js,fjs);}(document,'script','facebook-jssdk'));</script>
<section class="sharing aside-module grid__item one-whole lap-one-half">
<h1 class="title delta">Share this post</h1>
<a href="//twitter.com/share"
class="twitter-share-button"
data-via="home_assistant"
data-related="home_assistant"
data-url="https://home-assistant.io/blog/2017/11/02/secure-shell-tunnel/"
data-counturl="https://home-assistant.io/blog/2017/11/02/secure-shell-tunnel/" >Tweet</a>
<div class="fb-share-button" style='top: -6px;'
data-href="https://home-assistant.io/blog/2017/11/02/secure-shell-tunnel/"
data-layout="button_count">
</div>
<div class="g-plusone" data-size="standard"></div>
</section>
<script src="https://apis.google.com/js/platform.js" async defer></script>
<section id="recent-posts" class="aside-module grid__item one-whole lap-one-half">
<h1 class="title delta">Recent Posts</h1>
<ul class="divided">
<li class="post">
<a href="/blog/2017/10/28/demo/">Home Assistant Demo</a>
</li>
<li class="post">
<a href="/blog/2017/10/23/simple-analog-sensor/">Serial analog sensor</a>
</li>
<li class="post">
<a href="/blog/2017/10/21/release-56/">0.56: Skybell, Google Assistant, Travis CI and Toon</a>
</li>
<li class="post">
<a href="/blog/2017/10/18/hasspodcast-ep-10/">Home Assistant Podcast #10</a>
</li>
</ul>
</section>
</div>
</aside>
</div>
</div>
<footer>
<div class="grid-wrapper">
<div class="grid">
<div class="grid__item">
<div class="copyright">
<a rel="me" href='https://twitter.com/home_assistant'><i class="icon-twitter"></i></a>
<a rel="me" href='https://facebook.com/homeassistantio'><i class="icon-facebook"></i></a>
<a rel="me" href='https://plus.google.com/110560654828510104551'><i class="icon-google-plus"></i></a>
<a rel="me" href='https://github.com/home-assistant/home-assistant'><i class="icon-github"></i></a>
<div class="credit">
Contact us at <a href='mailto:hello@home-assistant.io'>hello@home-assistant.io</a> (no support!).<br>
Website powered by <a href='http://jekyllrb.com/'>Jekyll</a> and the <a href='https://github.com/coogie/oscailte'>Oscalite theme</a>.<br />
Hosted by <a href='https://pages.github.com/'>GitHub</a> and served by <a href='https://cloudflare.com'>CloudFlare</a>.
</div>
<a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/"><img alt="Creative Commons License" style="border-width:0" src="https://i.creativecommons.org/l/by-nc-sa/4.0/88x31.png" /></a><br /><span xmlns:dct="http://purl.org/dc/terms/" property="dct:title">home-assistant.io</span> is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/">Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License</a>.
</div>
</div>
</div>
</div>
</footer>
<script>
var _gaq=[['_setAccount','UA-57927901-1'],['_trackPageview']];
(function(d,t){var g=d.createElement(t),s=d.getElementsByTagName(t)[0];
g.src=('https:'==location.protocol?'//ssl':'//www')+'.google-analytics.com/ga.js';
s.parentNode.insertBefore(g,s)}(document,'script'));
</script>
<script>
var disqus_shortname = 'home-assistant';
// var disqus_developer = 1;
var disqus_identifier = 'https://home-assistant.io/blog/2017/11/02/secure-shell-tunnel/';
var disqus_url = 'https://home-assistant.io/blog/2017/11/02/secure-shell-tunnel/';
var disqus_script = 'embed.js';
(function () {
var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
dsq.src = '//' + disqus_shortname + '.disqus.com/' + disqus_script;
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
}());
</script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/docsearch.js/2/docsearch.min.css" />
<script type="text/javascript" src="https://cdn.jsdelivr.net/docsearch.js/2/docsearch.min.js"></script>
<script type="text/javascript">
docsearch({
apiKey: 'ae96d94b201c5444c8a443093edf3efb',
indexName: 'home-assistant',
inputSelector: '#search',
debug: false // Set debug to true if you want to inspect the dropdown
});
document.querySelector('.search .close').addEventListener('click', function(ev) {
ev.preventDefault();
document.querySelector('.search-container').style.display = 'none';
});
document.querySelector('.show-search').addEventListener('click', function(ev) {
ev.preventDefault();
document.querySelector('.search-container').style.display = 'block';
document.getElementById('toggle').checked = false;
document.querySelector('.search-container input').focus();
});
</script>
</body>
</html>
Reference in a new issue View git blame Copy permalink