Yes, I am getting a bit paranoid - I have reluctantly closed my open port on my router - and yes I suspect this has been answered elsewhere but there is a lot of security talk at the moment and specific things are getting hard to find.
Furthermore the Samba add-on docs are woefully inadequate given the potential for network exposure, some of the config options are not even mentioned, some don’t have an explanation for what they mean and don’t get me started on the default being `"guest": true`. (Before you say anything, I am clearly not qualified to update the docs).
So in preparation for the Grand Port Reopening Ceremony at such a time as I can trust HA is secure:
- My hassio Samba add-on config is as follows. Given that the default `allow_hosts` config specifies local network ranges, is there any extra benefit security-wise in only allowing one specific IP address?
```json
{
  "workgroup": "WORKGROUP",
  "name": "hassio",
  "guest": false,
  "map": {
    "config": true,
    "addons": true,
    "ssl": false,
    "share": true,
    "backup": true
  },
  "username": "my_username",
  "password": "my_password",
  "interface": "",
  "allow_hosts": [
    "10.0.0.0/8",
    "172.16.0.0/12",
    "192.168.0.0/16"
  ]
}
```
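One way to quantify the difference the question asks about, as an added example that is not part of the original post or the add-on's own code: a small audit that compares what `allow_hosts` admits with the clients that actually need the shares. The `audit` function and the `trusted_clients` list are hypothetical, the sample config is constructed from the options shown above, and entries are assumed to be IPv4 addresses or CIDR ranges.

```python
import ipaddress
import json

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the security-relevant options from the config in the post.
SAMPLE_CONFIG = json.loads("""
{
  "guest": false,
  "map": {"config": true, "addons": true, "ssl": false, "share": true, "backup": true},
  "allow_hosts": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
}
""")


def audit(config, trusted_clients):
    """Compare what allow_hosts admits with the clients that need access.

    trusted_clients is a hypothetical list of the IPv4 addresses of the
    machines that should be able to reach the shares.
    """
    findings = []
    if config.get("guest"):
        findings.append("guest access is enabled")
    nets = [ipaddress.ip_network(h, strict=False)
            for h in config.get("allow_hosts", [])]
    for net in nets:
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"{net} extends beyond the RFC 1918 private ranges")
    # Collapse overlapping entries so no address is counted twice.
    allowed = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    clients = [ipaddress.ip_address(c) for c in trusted_clients]
    blocked = [str(c) for c in clients if not any(c in n for n in nets)]
    surplus = allowed - (len(clients) - len(blocked))
    if surplus:
        findings.append(f"{surplus} allowed addresses belong to no trusted client")
    shares = sorted(k for k, v in config.get("map", {}).items() if v)
    return {"allowed_addresses": allowed, "blocked_clients": blocked,
            "exposed_shares": shares, "findings": findings}


if __name__ == "__main__":
    # Default ranges versus a single-address allow list (constructed client IP).
    print(audit(SAMPLE_CONFIG, ["192.168.1.20"]))
    print(audit(dict(SAMPLE_CONFIG, allow_hosts=["192.168.1.20"]), ["192.168.1.20"]))
```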