Insecure Zigbee2MQTT network key

Ron_Wagstaff · January 13, 2022, 11:58am

I’ve recently moved away from Zigbee2MQTT and I’m now using ZHA.

When I restart HA I get this error:

Your network is using the insecure Zigbee2MQTT network key!
10:39:25 – (WARNING) /usr/local/lib/python3.9/site-packages/zigpy_znp/zigbee/application.py

Now I’m a complete novice when it comes to Linux, but I expected to go to the directory and edit the file application.py. However when I type ‘cd /usr/local/lib/python3.9/site-packages/zigpy_znp/zigbee’ at the terminal, I get a “No such directory” error.

Can you help me please?

m0wlheld · January 13, 2022, 3:04pm

You are using the default Zigbee network key ([1, 3, 5, 7, 9, 11, 13, 15, 0, 2, 4, 6, 8, 10, 12, 13]), that’s why you receive that warning.

Message comes off this code: zigpy-znp/zigpy_znp/zigbee/application.py at d37ac29ea7f164e43445c0a87b5b85dd0067de0d · zigpy/zigpy-znp · GitHub
And the checked default key is here: zigpy-znp/zigpy_znp/const.py at d37ac29ea7f164e43445c0a87b5b85dd0067de0d · zigpy/zigpy-znp · GitHub

Ron_Wagstaff · January 14, 2022, 8:39am

Ok, thanks for that. Now how do I avoid it?

m0wlheld · January 14, 2022, 8:45am

You can’t do anything about this now. If you change the network key after the Zigbee network has been established, you need to re-pair every device.

See Zigbee network | Zigbee2MQTT.

Ron_Wagstaff · January 14, 2022, 10:09am

My issue is that, as far as I know, I have removed Zigbee2MQTT from my system; I have deleted the Mosquitto and Zigbee2mqtt Add-ons. Yet, I am still getting a warning regarding the Zigbee2mqtt password.

m0wlheld · January 14, 2022, 10:14am

Maybe they share the same underlying framework, dunno.

francisp · January 14, 2022, 11:13am

I think it is stored in the NVRAM on the stick. Try to flash firmware, and after delete all nvram with the next script:

github.com

Koenkk/zigbee2mqtt/blob/57852fcddfe8339cb6ae91b1cd90677e995cdb8a/scripts/zStackEraseAllNvMem.js

const {ZnpCommandStatus, NvSystemIds} = require('zigbee-herdsman/dist/adapter/z-stack/constants/common');
const {ZnpVersion} = require('zigbee-herdsman/dist/adapter/z-stack/adapter/tstype');
const {Subsystem} = require('zigbee-herdsman/dist/adapter/z-stack/unpi/constants');
const {Znp} = require('zigbee-herdsman/dist/adapter/z-stack/znp');


class ZStackNvMemEraser {
    constructor(device) {
        this.znp = new Znp(device, 115200, false);
    }

    async start() {
        await this.znp.open();
        const attempts = 3;
        for (let i = 0; i < attempts; i++) {
            try {
                await this.znp.request(Subsystem.SYS, 'ping', {capabilities: 1});
                break;
            } catch (e) {
                if (attempts - 1 === i) {

This file has been truncated. show original

m0wlheld · January 14, 2022, 11:34am

And prepare for re-pairing …

francisp · January 14, 2022, 12:56pm

Any change of the Zigbee network key requires repairing all devices.