Authentication Providers Update - Now Getting HAMMERED by Auth Errors from Unknown Source

ziptbm · June 1, 2019, 3:36pm

After the Authentication Providers update that started the deprecation of Legacy API Password, my system is getting pounded by hundreds of errors that show something on my host IP is attempting to log into Home Assistant.

Login attempt or request with invalid authentication from 10.0.0.1

and

Login attempt or request with invalid authentication from 127.0.0.1

And the Notification within Home Assistant regularly shows:

Login attempt failed
Login attempt or request with invalid authentication from 10.0.0.1

My config currently shows this:

  auth_providers:
    - type: homeassistant

And I’ve gone through everything I can think of to ensure the legacy API password is not being used, but have come up short. Here are some other details about my configuration:

HA hosted in Docker on Synology NAS
Using MySQL db in Docker on Synology NAS for recorder
Using Unifi device tracker platform
Using Nabu Casa
Also have reverse proxy set up through Synology NAS (so SSL certificate and port management is managed there).

Any ideas or suggestions for what I can do to remove this error?

grzeg8102 · September 21, 2019, 10:39am

You’ve got almost identical setup as mine. I’m also getting 127.0.0.1 auth problem from time to time. I suspect someone is trying to log on via external IP via reverse proxy. The problm is that I think it’s the reverse proxy to blame for not showing the real, public IP of the person trying to log on.
Did you find a solution for this? There must be a way to force ngnx in Synology to pass the real IP instead of 127.0.0.1 to Home Assisatnt

ziptbm · October 18, 2019, 11:50pm

haven’t figured it out yet, but I still get these all the time. I can tell it’s coming from me, so there’s still something in my config that is off…or not working with Nabu Casa in this configuration…

DavidFW1960 · October 18, 2019, 11:56pm

If it’s a reverse proxy, see the http: section in config, specifically trusted_proxies and x_forwarded_for - then you will see the real ip address. I also use the custom_component authenticated which makes a sensor showing ip address of last auth plus keeps a log file.

ziptbm · October 19, 2019, 12:00am

Do you do that with Nabu Casa?

I originally had the trusted_proxies and x_forward_for in my config, but had to remove those when I added Nabu Casa to my system.

DavidFW1960 · October 19, 2019, 12:01am

I don’t use Nabu Casa

grzeg8102 · October 19, 2019, 9:09am

Correct! I introduced these to my setup shortly after posting this question. I’ve made some research and these things solved my problem. I can confirm to others that it’s working fine. Thanks for the reply anyway

ziptbm · October 19, 2019, 2:46pm

and to clarify, you don’t use Nabu Casa either?

Codec303 · October 19, 2019, 3:40pm

It may be worth looking into LDAP authentication if you are having issues with HA’s authentication