I’m trying out Home Assistant for the first time. I already installed the Samba and SSH add-ons and I notice that both of them require an extra password to be specified. Isn’t it possible to use my standard account username and password?
As far as I know, you can use any password you want.
Obviously, I can use any password I want. My point is that I don’t want to specify yet another password. I already have an account username and password to log in to the UI, and I would like to use the same (without specifying it again) for Samba access.
I just discovered that there is yet another password to be defined for the HTTP API, which is actually the one used for the Android app. Why can’t I use my standard account there either? I’m beginning not to like this.
Sorry. I misunderstood your comment.
Copy/paste is your friend…
You still misunderstand my comment. Let’s wait… perhaps somebody else has something.
For best security practices you would specify a different (strong) password for every login. Store them in a password manager.
Those addons are totally separate applications. If they had direct access to authentication details of Home Assistant that could be a huge security issue.
That being said, I think the developers are working on a solution where at least some addons (web based) can make use of your login-data. At least that’s what it looks like here with the configurator addon (PR not done yet apparently). If that turns out to work, addon-developers could add this way of authentication for their addons. But things like Samba probably won’t benefit from this.
@tom_l I’m afraid it goes completely the opposite way. You need to have one password, defined only once (not once for Samba, once for SSH, once for UI login and once for the API). This password needs to change often and should preferably be secured with two-step authentication. Having multiple passwords leads to weaker security, since it’s more difficult to change them, so you end up having the same for years. Especially when these passwords are stored unencrypted in clear text files.
@danielperna84 yes, if all add-ons had access to the password that would be a huge security issue. A base layer should provide some infrastructure for the add-ons to use.
Password managers have encrypted storage. The passwords are not saved in clear text. Unique passwords for all sites prevent multiple accounts being compromised from one intrusion.
You didn’t get my point. I’m using a password manager too. They are great.
Home Assistant stores passwords in clear text, at least for SSH and Samba, in text files. At least the user account password for login is hashed. That is what I said is not safe.
Also, my point wasn’t to use the same password for all these services. My point was that there should be one password defined in a single place.
Daniel already answered my question. Thanks.