Access hassio Samba share remotely—can I do it?

Hi! I’m using the samba share add-on to access my config files. Tho coming into work today, I tried to access my config files and it just told me the hassio Samba share was not available. Is it possible to access the Samba share remotely? Or do I need to be on the same network?

Here is my current set up:

{
  "workgroup": "WORKGROUP",
  "name": "hassio",
  "guest": false,
  "map": {
    "config": true,
    "addons": true,
    "ssl": false,
    "share": true,
    "backup": true
  },
  "username": "javier",
  "password": "password",
  "interface": "eth0"
}

And my log from the Samba client:

Could not find child 1127 -- ignoring
Could not find child 1129 -- ignoring
Could not find child 1131 -- ignoring
Could not find child 1133 -- ignoring
Could not find child 1135 -- ignoring
Could not find child 1137 -- ignoring
Could not find child 1139 -- ignoring
Could not find child 1141 -- ignoring
Could not find child 1143 -- ignoring
Could not find child 1153 -- ignoring

You need to be on the same network for Samba to work.

OK, that was my fear. What about if I VPN into my home network… would that work? Is that secure enough?

Or is there another way for me to edit my config remotely?

If you VPN in and you have the SSH add-on enabled on hassio, then you can edit via the command line editor (vi). I think there may be other add-on’s but personally, I think the goal should be for automations to just work, and not take a lot of interaction or remote access. SSH is exposes the least through the UI. I’m also concerned about security, so my thought is the less that is exposed, the fewer opportunities there are for bad things to happen.

1 Like

@acdown87 I do agree with @dap35, there more you open to the outside world, the higher the risk.

Nevertheless, since you are running Hassio, if someone gained access to your frontend, they will be able to access your Hassio panel and therefore install all kinds of stuff (e.g. the Tor add-on, which would not even require port forwarding).

That said, if you want remote access to your configuration, you could install the “Configurator” add-on, which is in the core add-ons repository. Another option is the “IDE” add-on, which you can find here: Community Hass.io Add-on: IDE, based on Cloud9.

@frenck Thanks for your input. I have my frontend secured with a password of course, as well as set up through DuckDNS. What else can I do to secure it?

My understanding with Tor is that it would only be accessible through the Tor browser, is that true? Or am I misunderstanding.

I’ll take a look at the Configurator. I did instal the IDE add-on already, but that doesn’t seem to load when I’m not on my home network either.

I was not suggesting to use Tor… I was just warning about the security risks when exposing the frontend. So not sure how to answer your question. The best security is not to expose your installation to the outside world (that was kinda the message).

Configurator & the IDE add-on both rely on the same techniques regarding outside world exposing. The issue might be on your network (e.g., you’ll need to forward ports on your router in order to expose these add-ons to the outside world).

Right, I understand that. There’s just only a certain amount I can configure when I’m at home (time restraints, kids whatever), so I tend to do more when I’m at work and things are slow. I guess I could forward the port, add some authentication, and restrict it only to my office IP… right?

Ultimately, the front end I do like to have available on my phone wherever I’m at to check in on cameras etc. I have it set with a password—but are there other ways to add authentication? 2FA? A username at least?

I wish there was :wink:

1 Like

Search the forums a bit. Someone shared a setup that pulled their config from github and restarted HA.

That way you can edit in github and run the checks on that end and then trigger an automation/script to restart.

Downside is if your config is off the restart will hang and your locked out until you return home.

1 Like

That’s a neat idea. I’ll check it out. Thanks @silvrr

Here is the link.

I keep saying this. One day it will be commonplace. :wink:

Syncthing.

Syncthing syncing the config directory (ignoring the .DB file if you’re not using an external database) to my desktop/laptop allows me to edit anywhere.

1 Like