Home Assistant Add-on: Autossh (Cloud/VPN alternative)

Hey Community!

I want to share a solution to get your Home Assistant System hooked up to a public domain (or public IP). This solution works without portforwarding or a public IP for your home. You need a publicly available server though, i.e. for website hosting or your own mail server.
I decided to use an SSH tunnel instead of a VPN or one of the supported cloud services. The solution has a tiny footprint and has been rock solid so far.

Simple sense check: If you had little contact with “SSH servers” so far, this add-on is probably not for you :smiley:

The addon can be found in my repository at:

GitHub - ThomDietrich/home-assistant-addons: Alternative to cloud or VPN: Permanent port forwarding through an SSH tunnel

Development Status

The add-on has been running smoothly for almost two years.

At the time of this writing, no bug is known to me.


To be clear: This add-on is useful for you if you own a public server with an SSH service. This is also great in combination with a domain name, as you can then reach your home automation UI via e.g. https://ha.mydomain.com.

Counterpart Security

On the public server you link your setup to, an SSH server needs to be accessible and credentials must be provided to your Home Assistant instance. As this is a significant security risk by itself, I suggest a docker based solution to containerize the SSH-to-publicly available-IP task. A docker-compose.yaml is provided with the repository.

I hope you enjoy the add-on and please do not hesitate to drop me a ticket or a PR.
Happy Automating!


Just fyi,
I just set up a new Home Assistant instance and this addon is still doing what it’s supposed to. Reliable on three instances for up to a year. Cheers

You make my day @ThomDietrich This works perfect and very easy to setup. I use Home assistant in my motorhome with mobile WiFi and tried to get this working by setting up a VPN tunnel between my home router and the motorhome route. This works but all traffic uses this link which slows down my MSteams meeting (sometimes work form my motorhome :wink: )
Splitting proved to be difficult and this setup worked in 15 minutes.

A tip who uses a linux server managed by Webmin: You can create an additional user with no login rights and paste the public key directly in the SSH Public key box


1 Like

Hi @ThomDietrich ,

thabks for the great work!

Sorry for the noob question. Can I use your add-on on the other direction? I mean, I’m not interested to be able to access my HA. I pretend to establish a SSH tunnel between HA and a cloud server in order to allow secure mysql comunication. It is possible with your addon?



Hey, I am not sure, it really depends on a few technical limitations I would need to look at first. Generally you are able to define any of the ssh tunnels through the configuration of the addon. What I am not sure about is whether the forwarded mysql port would then be accessible to your purpose, despite the docker environment. You need to play around with that.

Thanks @ThomDietrich ,

I will try (meanwhile I adopted another tunnel solution)

@ThomDietrich i am trying to use a pem private key downloaded from AWS. can i replace the content of private key used by the addon?

this function is not provided through the container. You should be able to write to the mounted storage volume but I can’t tell you where that is located. You might need to explore a bit.

Or hack yourself a version of the addon that accepts a key as config input. I would accept a PR

i tried forking and add a string input for the pem private key but somehow when bash read config value into a variable and echo output > to the keyfile, the newline chars are not output correctly. After meddling for few hours, i gave up. Just use the pubkey generated by the addon.

Thank you for creating this addon.

1 Like

Hey all,
I’ve updated the README in the repository with a docker based counterpart SSH server to fully encapsulate and decouple the solution. I believe this might be useful to many.