Bypass login

lowrisk75 · September 20, 2021, 11:44am

I have my Home Assistant and My Google Nest Hub in the IoT network (192.168.8.0/24 subnet)
SmartPhone and other device are in a another (secure) VLAN with a different subnet.

I’m trying to bypass login for one single IP on the IoT network (Google Nest Hub) but let every other clients in IoT and other VLAN use they usual login + 2FA

  auth_providers:
    - type: trusted_networks
      trusted_networks:
       # - 192.168.8.0/24
       - 192.168.8.22
      allow_bypass_login: true
        trusted_users:
        192.168.8.22: user1_id
    - type: homeassistant

first technically, reading the docs, you should whitelist a whole subnet and not only one IP, which I don’t want to do

I tried this but that don’t let other clients connect.
How can I just bypass login for this single IP (just so I can cast home assistant to my Google Nest Hub) and then let my home secure VLAN login normal (different user)

tom_l · September 20, 2021, 3:22pm

Try
192.168.8.22/32

This should allow only the specified IP address.

lowrisk75 · September 20, 2021, 6:12pm

I will try that thank you, but I’m scared to lock myself from my own network (with is a different subnet and also my user_ID is different).

if I add other subnet in the trusted_networks, do allow_bypass_login will also be enabled for them? and would I be able to connect with a another user_id?

  auth_providers:
    - type: trusted_networks
      trusted_networks:
       - 192.168.8.0/24 
       - 192.168.1.0/24 
      allow_bypass_login: true
        trusted_users:
        192.168.8.22/24 #(in my case my subnet is 24)
          - user_id1 ## specific user for Google Nest Hub
      allow_bypass_login: true
    - type: homeassistant

llingnau · October 3, 2021, 8:28pm

@lowrisk75 Basically, all networks listed as “trusted_networks” are networks where you can pick any username and don’t have to provide a password to login. In your case (the config you shared), that would be 192.168.8.0/24 and 192.168.1.0/24. But actually 192.168.8.22/32 should be enough as pointed out by @tom_l

As for “trusted_users”, this can be used to limit which accounts are available for a given network or a given IP. And when only one userid is listed, that means that you’re logged in with this user automatically.

So if ALL you want to do is have 192.168.8.22 login automatically, the following should be enough:

# Allow login without password from local network
homeassistant:
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 192.168.8.22/32
      trusted_users:
        192.168.8.22:
          - user_id1 ## specific user for Google Nest Hub
      allow_bypass_login: true
    - type: homeassistant

And as long as you have access to the configuration file via SMB for example, it’s unlikely that you will get locked out. You can always modify the configuration file and restart home assistant to “fix it”. But as long as you have " - type: homeassistant" at the end, you should be able to switch to the regular login page again.

lowrisk75 · October 9, 2021, 5:53pm

Thank a lot, that make sense, I’ll try it today!