HA authentication attempt fails (occasionally)


I keep getting (maybe once a day) a persistent notification about an authentication error, so I finally decided to check the logs and saw this entry:

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:125
Integration: HTTP (documentation, issues)
First occurred: 2:26:31 PM (8 occurrences)
Last logged: 3:10:47 PM

Login attempt or request with invalid authentication from <redacted> (<redacted>). (Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36)

I am running a supervised version on a Debian box and also using self-signed certificates for my setup.

Here is my http configuration:

  ssl_certificate: <path_to_certificate>
  ssl_key: <path_to_key>
  ip_ban_enabled: true
  login_attempts_threshold: 25

I used to get locked out very often so I increased the threshold to “25” but still get locked out about once every 2-3 months.

If anyone knows why authentication fails sporadically in my setup or how to fix it, please let me know.

I've had the same thing happening on my HA Container install for a very long time (maybe a year now?). Not nearly as bad as yours tho. Maybe once a week or so.

I’ve never been able to figure out why. I even posted a thread to ask about it and never got anywhere.

I just live with it now and have ip bans disabled.

I think I may have solved it by following these:

  1. Deleted the browser history from the machine that keeps logging the incorrect login
  2. Deleted all refresh token(s) for the machine in question from HA, there were 17 refresh tokens for this machine and most likely the cause of this error.
  3. Fresh login and now only see one refresh token for this machine and I have not seen any incorrect login attempt error in 2 days.

The reason why this mess happened is that I normally use Brave browser for normal HA access but on certain occasions I used Chrome (for serial flashing over USB) or incognito mode when I am trying to, say, authorize Google Drive backup for HA (using my non-standard Google account). So ended up with multiple tokens which likely leads to an occasional mismatch and hence the error!

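Added example (not written by any poster in this thread, and not Home Assistant code): a small log tally that groups the `homeassistant.components.http.ban` warning quoted in the first post by source IP and user agent, which is how you find the machine and browser whose stale session is producing the failures. The timestamp/level prefix, host names, IP addresses and the `ExampleClient/1.0` user agent are constructed sample data; only the message text and the threshold of 25 come from the thread.

```python
import re
from collections import Counter

# Message format taken from the log entry quoted in this thread.
FAILED_AUTH = re.compile(
    r"Login attempt or request with invalid authentication from "
    r"(?P<host>\S+) \((?P<ip>[^)]+)\)\. \((?P<agent>.*)\)\s*$"
)

def parse_failed_auth(line):
    """Return (host, ip, user_agent) for a failed-auth line, else None."""
    m = FAILED_AUTH.search(line)
    return (m["host"], m["ip"], m["agent"]) if m else None

def tally_by_client(lines):
    """Count failed-auth lines per (ip, user_agent) pair."""
    counts = Counter()
    for line in lines:
        parsed = parse_failed_auth(line)
        if parsed:
            counts[parsed[1:]] += 1
    return counts

def near_threshold(counts, threshold, ratio=0.5):
    """Per-IP totals (all user agents) that reach ratio * threshold."""
    per_ip = Counter()
    for (ip, _agent), n in counts.items():
        per_ip[ip] += n
    return {ip: n for ip, n in per_ip.items() if n >= threshold * ratio}

# Constructed sample input; the timestamp/level prefix is an assumed layout.
PREFIX = "2022-08-01 14:26:31 WARNING (MainThread) [homeassistant.components.http.ban] "
MSG = "Login attempt or request with invalid authentication from {} ({}). ({})"
CHROME = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36")
OTHER = "ExampleClient/1.0"  # made-up user agent
SAMPLE_LOG = (
    [PREFIX + MSG.format("desktop.lan", "192.168.1.50", CHROME)] * 8
    + [PREFIX + MSG.format("desktop.lan", "192.168.1.50", OTHER)]
    + [PREFIX + MSG.format("tablet.lan", "192.168.1.77", OTHER)]
    + ["2022-08-01 14:27:00 INFO (MainThread) [homeassistant.core] unrelated line"]
)

if __name__ == "__main__":
    counts = tally_by_client(SAMPLE_LOG)
    for (ip, agent), n in counts.most_common():
        print(f"{n:3d}  {ip}  {agent}")
    # login_attempts_threshold from the configuration posted above
    print("near ban:", near_threshold(counts, threshold=25, ratio=0.25))
```

This is a plain count of log lines, not a reimplementation of Home Assistant's own ban counter, so treat the per-IP totals as a pointer to which client to clean up rather than as a prediction of when a ban will trigger.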

good point.

Coincidentally, I had never gone thru all of the refresh tokens to delete them until a few days ago. There were several there too. I deleted them all so we’ll see if it fixes the occasional login errors.

It has been a few days and I have not seen a single instance of login attempt failing so fair to say we have solved the problem :sunglasses:
