Lutron Caseta - Leap SSH integration

Well, at least they’re listening.

What is the MAC Address of your bridge? 


What is the model number of your bridge?

See attached image

What 3rd party system is the bridge no longer integrating with?


Home assistant using pylutron-caseta

https://github.com/gurumitts/pylutron-caseta

Here is the home assistant forum link.  

https://community.home-assistant.io/t/lutron-caseta-leap-ssh-integration/29136/20

Unfortunately, most third party integrations are broken from what we have gathered.


Sincerely,

Brian W.

Lutron Technical Support

www.lutron.com/support

1-844-LUTRON1

 


From: Application Group 
Sent: Thursday, October 12, 2017 4:50 AM
To: SystemSupport <[email protected]>
Subject: FW: Case #xxxxxxx Contact Us - Customer Service
Comments: Please fix third party integration with Lutron Caseta hub. Your last firmware update broke it. If you don't fix it, I'll never buy another Lutron product.

More info from the micasaverde thread:

After doing a bit of MITM of the Lutron app, I figured out how to connect to the new TLS LEAP server.

Each Smart Bridge has a unique root CA called local cert. I’m not sure if it’s permanent or changes on hardware resets.
When linking the bridge to the Lutron Cloud, I believe the Lutron cloud generates an intermediary CA (called remote cert) and asks the Smart Bridge to sign it with its root.
When logging in the Lutron app, the app generates a private key and Certificate Signing Request, which it sends out to the Lutron API. The intermediary CA in the cloud signs the app certificate and returns it to the app, along with the certificate of the intermediary CA, and other bridge info (including what seems to be credentials for Xively).

The app authenticates to the Lutron API using a regular OAuth flow (one time use code flow, immediately substituted for an access token).

After the pairing request, the app connects to the Xively service and discovers the local IP of the bridge. It can then attempt to connect directly to the bridge using the client cert retrieved during the pairing.

I wrote a crude bash script that will go through the OAuth flow (you’ll need to copy paste some URL in the browser), generate a certificate, make a pairing call, and verify that the signed certificate works to connect to the bridge.
It doesn’t connect to Xively so you’ll need to provide the local IP of the bridge if you want to do the connection verification.

The script is available here: Generate a signed certificate valid to connect locally to a Lutron Caseta Smart Bridge · GitHub

I’ll let others fix their integrations. I’m not sure if the LEAP protocol has changed, but if not, it should be a simple matter of switching the SSH connection for a TLS connection authenticated with the generated cert. The certificates are valid for 10 years.

6 Likes

I see that the post I wrote already found its way here. Hope it helps people :slight_smile:

2 Likes

Thanks @mathieuh

I have updated pylutron_caseta to use SSL and login using your script. Once it is merged I will update the home assistant component.

On my local tests everything was working fine, hopefully we can get this back working soon :slight_smile:

@gurumitts This is your library, I believe with this change we should be fine. My hub is a standard Caseta hub (no pro)

7 Likes

Is there a way I can get this working before HASS updates? How could I go about doing this?

I’m guessing @think and is referring to this capability of HA that allows you to customize the code in component scripts locally (see the “Warning” on this page that describes the process):

https://home-assistant.io/developers/component_loading/

Using that process, you can (I may also try this) incorporate @mathieuh 's script changes and test locally.

As an aside, I am also going to be testing accessing my Lutron Caseta switches via my Harmony Hub, by creating the necessary switches and scripts in HASS.

Happy coding…

Any update on getting the non pro bridge working again?

I was able to get it working thanks to the work of some much more talented developers which I butchered into something functional for my setup.

  1. Run this script on a Linux system to generate 2 certificate files and 1 keyfile: https://gist.github.com/mhofman/f8e1fdd5dce49abacf5fd776fb3727ce Get the files and save them in your config folder.
  2. Save my updated version of lutron_caseta.py to custom_components in your config folder: https://github.com/rdbahm/home-assistant/blob/pylutron-upgrade/homeassistant/components/lutron_caseta.py
  3. In your config, in the lutron_caseta component, add lines for “keyfile,” “certfile,” and “ca_certs,” matching the files you saved. For me, this looks like:
lutron_caseta:
  host: 192.168.1.70
  keyfile: 'privatekey.key'
  certfile: 'appcert.crt'
  ca_certs: 'remotecert.crt'

Some notes:

  • This uses my own version of pylutron_caseta. I’m bad at Git and it’ll probably break when I inevitably screw up my repository.
  • My fork of pylutron_caseta is a fork of mdonoughe 's work. I needed to change it for my purposes because certificate verification wasn’t working and because I couldn’t get the dependency to load in HASS without a tag.
  • So far, it’s working very smoothly.
  • I’m not sure how long it’ll take before we have it refined enough to put into HASS.

2 Likes

I think I did all the setup steps to use this custom script, but I’m getting the following error in my home-assistant.log:

File "/config/custom_components/lutron_caseta.py", line 51, in setup
hass.data[LUTRON_CASETA_SMARTBRIDGE] = Smartbridge.connect(hostname=config[CONF_HOST],
AttributeError: type object 'Smartbridge' has no attribute 'connect'

Seems to be saying I have no smart bridge? These problems with support for Caseta happened before I ever tried to set it up… could it be I needed to have it working previously for this custom script to work?

Appreciate any clues you may have. I’ll check other threads as well.

[EDIT: I restarted HA again (I had already restarted) and it seems to have found everything now. Thanks again for this work around]

The pylutron-caseta library version 0.3.0 now supports communication to the bridge over SSL. Big thanks to @mdonoughe for the commits.

HA changes are still in the works.

1 Like

Thank you for your hard work on this - I followed along on the PR. Will the other scripts/steps to get certs be included in HA docs?

Yes, the HA pull requests will also need to have a documentation piece.

While this is great we are going to be right back to where we were after the next update (if it ever happens). I still think we need a caseta_pro component. Would be nice to have @jhn’s work in here officially, or a derivative of it if it does not meet coding standards for the project. I have been using @jhn’s code for a long while on a pro hub and it works great. About the only thing missing functionality wise is creating scenes which should allow me to control the dim on/off speed for the Caseta controlled lights.

1 Like

I need some help. I apologize for being thick headed. I ran the script just fine and ended up with the RSA key and 2 certificates. I split these into files and modified my config with

lutron_caseta:
  host: 10.10.10.xxx
  keyfile: 'privatekey.key'
  certifle: 'appcert.crt'
  ca_certs: 'remotecert.crt'

Then I created a custom_components folder and placed the new lutron_caseta.py file in there. I created the custom_components folder under .homeassistant folder, which is where my config lives (I set up using venv instructions).

When I run the check config script, I get

2017-11-20 13:06:49 ERROR (MainThread) [homeassistant.config] Invalid config for [lutron_caseta]: [certifle] is an invalid option for [lutron_caseta]. Check: lutron_caseta->lutron_caseta->certifle. (See /home/ha/.homeassistant/configuration.yaml, line 89). Please check the docs at https://home-assistant.io/components/lutron_caseta/
2017-11-20 13:06:49 ERROR (MainThread) [homeassistant.setup] Setup failed for lutron_caseta: Invalid config.

So I guess it’s not looking for the custom component properly and trying to hand the arguments to the old lutron_caseta.py?

I’m not sure if I’ve given enough information for people to point me in the right direction but I sure could use some help.

2 Things:

  1. There’s a spelling error in your config (certifle vs. the correct certfile).
  2. With Home Assistant 0.58, the updated lutron_caseta python integration is included, so no need for the custom component. Lastly, the script the Home Assistant Caseta docs refer us to use to generate the key and certs will also split those into the respective files automatically, but assuming you’ve already successfully accomplished that part manually, it shouldn’t be necessary for you to do again.

There’s another thread where we’re discussing the 0.58 component. I was able to set it up successfully on my first try on a Raspberry Pi virtual environment install, some other people have had some difficulty with it though, here’s a link to that thread:
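
The two failure modes in this exchange (a misspelled option name, and key/certificate files split by hand) can be caught before restarting Home Assistant. The following is an added example, not code from Home Assistant or pylutron-caseta: `preflight` and `pem_labels` are hypothetical helper names, and it assumes PEM-encoded files with one block per file on a POSIX filesystem.

```python
import difflib
import os
import re
import stat

# Option names taken from the configuration shown in this thread.
ALLOWED = {"host", "keyfile", "certfile", "ca_certs"}
# Assumption: each file is PEM and holds exactly one block with this label.
EXPECTED_LABEL = {"keyfile": "PRIVATE KEY", "certfile": "CERTIFICATE",
                  "ca_certs": "CERTIFICATE"}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def pem_labels(path):
    """Return the label of every '-----BEGIN <label>-----' line in a file."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        return PEM_BEGIN.findall(fh.read())


def preflight(config, base_dir):
    """Return a list of problems found; an empty list means the check passed."""
    problems = []
    for key in sorted(set(config) - ALLOWED):
        hint = difflib.get_close_matches(key, sorted(ALLOWED), n=1)
        problems.append(f"unknown option '{key}'"
                        + (f", did you mean '{hint[0]}'?" if hint else ""))
    for key in sorted(ALLOWED - set(config)):
        problems.append(f"missing option '{key}'")
    for key, label in EXPECTED_LABEL.items():
        if key not in config:
            continue
        path = os.path.join(base_dir, config[key])
        if not os.path.isfile(path):
            problems.append(f"{key}: file not found: {config[key]}")
            continue
        found = pem_labels(path)
        # Catches swapped files and a file that still holds several blocks.
        if len(found) != 1 or not found[0].endswith(label):
            problems.append(f"{key}: expected one {label} block, found {found}")
        if key == "keyfile" and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("keyfile: readable by group/other, chmod 600")
    return problems


if __name__ == "__main__":
    # Constructed input: the misspelled option from the thread, placeholder host.
    cfg = {"host": "192.0.2.10", "keyfile": "privatekey.key",
           "certifle": "appcert.crt", "ca_certs": "remotecert.crt"}
    print("\n".join(preflight(cfg, ".")))
```

The check only inspects option names, PEM labels and file permissions; it does not prove that the private key matches the certificate or that the certificate chains to the bridge's CA.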

Thanks for spotting the typo!

I followed the implied suggestion to upgrade, which of course broke a raft of things, but I did get lutron working!

Thank you very much for your help. Best. Community. Ever!

My lutron has disconnected again as of this morning. Anyone else seeing the same thing?

Please see the thread here: https://github.com/gurumitts/pylutron-caseta/issues/22#issuecomment-379034042

1 Like