Hello everyone,
I’m a software developer and I noticed that the SSH add-on doesn’t allow you to configure anything except AllowTcpForwarding inside sshd_config.
I think it would be useful to be able to configure other options as well, especially from a security standpoint.
My setup
- I run HA-OS inside a VM configured with a macvtap network interface.
- The host machine (RHEL-based OS) communicates with the VM through a secondary private network, not exposed to the rest of the LAN (this is due to how macvtap works).
Example use case
Being able to set ListenAddress inside sshd_config would allow users to reduce the attack surface to a potential attacker that gained access to the LAN, binding SSHD only on the Host-VM interface.
Questions
- Has this ever been considered by the community?
- I’m willing to put in the work to implement it myself, if the community agrees with me this would be a welcome feature.
- I can’t find any tests being run on the SSH add-on. Are there any? I feel like I’m missing something.
Cheers!
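Added example, not part of the original post and not code from the SSH add-on: a small check that reads an sshd_config and reports whether sshd would bind outside a permitted subnet, which is the condition the ListenAddress use case above is meant to rule out. The function names, the sample configs, and the 192.168.100.0/24 host-VM subnet are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample configs; the addresses are placeholders, not values from the post.
DEFAULT_CONFIG = "AllowTcpForwarding no\n"
RESTRICTED_CONFIG = "ListenAddress 192.168.100.2\nAllowTcpForwarding no\n"

def parse_listen_hosts(config_text):
    """Return the host part of every ListenAddress directive, in file order."""
    hosts = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd_config allows "Keyword value" and "Keyword=value"; keywords are case-insensitive.
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].lower() != "listenaddress":
            continue
        value = parts[1]
        if value.startswith("["):        # [IPv6] or [IPv6]:port
            host = value[1:].split("]", 1)[0]
        elif value.count(":") == 1:      # IPv4:port or hostname:port
            host = value.split(":", 1)[0]
        else:                            # bare IPv4, hostname, or bare IPv6
            host = value
        hosts.append(host)
    return hosts

def audit_bind(config_text, allowed_cidr):
    """List findings for binds that are wildcard or outside allowed_cidr."""
    allowed = ipaddress.ip_network(allowed_cidr)
    hosts = parse_listen_hosts(config_text)
    if not hosts:
        # With no ListenAddress, sshd listens on all local addresses.
        return ["no ListenAddress: sshd listens on all local addresses"]
    findings = []
    for host in hosts:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"{host}: hostname, resolve and check manually")
            continue
        if addr.is_unspecified:
            findings.append(f"{host}: wildcard bind")
        elif addr not in allowed:
            findings.append(f"{host}: outside {allowed}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("restricted", RESTRICTED_CONFIG)):
        print(name, audit_bind(cfg, "192.168.100.0/24") or "ok")
```

An empty result means every ListenAddress falls inside the permitted subnet; hostnames are reported rather than resolved so the check stays offline.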