I’ve seen some posts about the Remote UI addon from 0.90 and I’m still confused why people would be interested in migrating to use the Remote UI option over DuckDNS, especially if they have DuckDNS working.
What are the benefits to using Remote UI that make it worth a monthly charge over using DuckDNS for free?
I think they are planning on adding things like Alexa integration. Some people think that subscribing to the cloud service is benefiting HA development.
That’s a big reason I switched to the cloud even before the remote UI availability. It just seemed to work more seamlessly than the other cobbled together options for exposing your devices to Alexa. However, Haaska was working pretty well for me for a long time before I switched. But getting Haaska set up initially was fairly complicated and required an open port.
I eventually stopped using duckdns/letsencrypt for external access and began using a VPN since the security process in HA was pretty woefully inadequate and required yet another couple of open ports. The auth inadequacies have been addressed in the recent versions of HA with the new auth systems. But now that I already have the HA cloud setup moving to the remote UI is pretty much a no-brainer. And I still have the VPN option if I feel that the remote ui poses a security risk in the future.
Right now I have no manually configured open ports at all in my router. The less openings you have in your network the safer you are. I wouldn’t say I’m “paranoid” about open ports. I would call it “a healthy respect for security”. And even then I’m sure that I’m still vulnerable to a degree.
That’s already been done; for a long ass time now… Alexa and Google Home are both already done and work great.
Yeah… “Some people think if you pay the developers, that helps fund what they do”… Duh.
I don’t personally use any feature of Nabu Casa (I still use duckdns/letsencrypt for external access, and don’t trust Amazon or Google enough to let them inside my house), but I still pay for it because the project is worth at least (much more, in actuality) $5 a month. If this were a retail project it would cost at least $150 and not have nearly as much support or integration options. Just look at Hubitat, $150 fo what? $35 in hardware and lack luster support and integration options.
And OpenHAB cloud is free. Some complain about slowness but their cloud code is open do you can setup your personal one. I believe Vera cloud is free but you need yo buy their hardware. both these systems focus on local processing like HA but all have their strengths and weaknesses IMHO.
i was using DuckDNS in the past, but switched to the remoteUI mostly so I didn’t have to forward ports on router. and as others have said, paying for the service helps support HA and considering how much HA has done for me and my home, I’m happy to pay the $5/month.
I’ve been using remoteUI since it became available, and have an automation setup so the remote connection is only active when I’m away from home.
That seems like a great idea and just may push me over the edge to sign up to Nabu Casa. Would you mind sharing how this automation works? I do have presence setup So I assume that I would just need to figure out what is the action to trigger.
- alias: 'Remote UI Disconnect'
initial_state: 'on'
trigger:
- platform: state
entity_id:
- device_tracker.galaxys8
- device_tracker.iphone
to: home
condition:
- condition: state
entity_id: device_tracker.galaxys8
state: home
- condition: state
entity_id: device_tracker.iphone
state: home
action:
service: cloud.remote_disconnect
- alias: 'Remote UI Connect'
initial_state: 'on'
trigger:
platform: state
entity_id:
- device_tracker.galaxys8
- device_tracker.iphone
to: not_home
action:
service: cloud.remote_connect
If either of us leave then the connection is turned on so we can have remote access. after the last of us arrives home then the remote access is turned off.
Does the Nabu Casa Remote UI also work for Hass.io add-ons that have their own web interfaces (and typically use different ports)? Things like VSC/IDE/Configurator, Node-Red, Grafana, etc.?
One thing I would like to do is have a PKCS12 client certificate. For my Tiny Tiny RSS server (TT-RSS), I set SSLVerifyClient to require in Apache and SSLVerifyDepth to 2. If I don’t have a client certificate, I won’t be able to login to Tiny Tiny RSS.
I would like to see verification of client certificates as an option for Home Assistant and for Remote UI. The client certificate should be well-guarded and there’s no way for hackers to log right into my Home Assistant without a client certificate. Let’s Encrypt is great and all, but I like having control using my own certificates. And yes, I already have a Certificate Authority in my pfSense virtual machine so I can manage certificates from there.
Yes, that’s a possibility. But they would still need my username and password for the HA system to access anything. And it would generally be limited to my HA install so aside from playing with my lights there wouldn’t be much to gain.
I grant that it’s not as safe as a VPN that uses an encrypted key file plus a username/password plus a HA username/password but I really doubt there is too much concern. And if for some reason that reality changes I can flip a switch in my HA and I’m right back to using my VPN for remote access.
Anything can get hacked if the hacker has enough skills. The only 100% secure protection is no internet access. At the same time the question must be asked what the interest would be for this superskilled hacker. There is no fame to win to hack a HA network.
You are home alone, asleep in bed. The heating gets turned up to maximum. The kettle is turned on and boils constantly, filling the house with steam. The garage doors start opening and closing. The cuckoo clock chimes start playing big ben. Your TV turns on, but is tuned off channel so you get only static. Lights begin to flash.
You wake up from that deep sleep, horribly confused. The whole house is unbearably hot, so you throw open the doors to your deck and step out to face …
And who will be famous?? Hardly the hacker. Sorry but a lot of this is paranoia in my opinion. There is many more serious threats. But no one seems to bother about how much info is collectedabout everyone when you are online. F.ex. download everythinf that Google store about you. Its gigabytes of info. https://www.hongkiat.com/blog/download-and-delete-everything-google-knows-about-you/