remote_homeassistant icon indicating copy to clipboard operation
remote_homeassistant copied to clipboard
verified publisher icon custom-components

remote node , exclude domains and entities

Open Antoled opened this issue 2 years ago • 6 comments

I am in a situation where the remote node should not expose some sensors or switches to the remote master;

The remote master must not have the ability on those entities;

This would complete this integration perfectly.

Thank you

Antoled avatar Jan 24 '23 08:01 Antoled

Hello

It would be even better if the main node establishes the connection to the remote node and you only specify at the main node which entities are transmitted to the remote node.

I have just set up a front HA in a DMZ that is accessible for Google Assistant and Alexa Voice from the Internet. I don't want to store any credentials or anything else from the main HA in the front HA, also no network connection should be possible from the front HA (remote-node) towards the main HA.

That would be perfect :)

rubinho76 avatar Oct 19 '23 11:10 rubinho76

Hello,

@jaym25

has the filtering function on the remote site now been implemented, or why has the request been closed?

If the function now exists, how is it implemented?

rubinho76 avatar Jun 25 '24 07:06 rubinho76

@rubinho76 With the Config Flow UI feature populating the selection of entities, I'm not sure this change will not cause other issues, especially when setting it up. There are also conflicts with version 4.1. If you can update this pull request and have these changes working with version 4.1 and are not experiencing any problems. I will be happy to test it on my setup and, if it works, possibly merge it. I have reopened it and await your reply.

jaym25 avatar Jun 25 '24 20:06 jaym25

@jaym25

I can't say whether it has to be exactly this pull request. I'm not that familiar with the Git-Hub system, sorry. I was just looking for a way to restrict the endities on the remote side and found this post.

In my case, the remote system is my real main system which is in a DMZ. And I have an HA instance connected to the internet for voice control via port forwarding. (As I originally wrote)

I do not want the main system to have unrestricted access to my entities on the remote site, as this represents an increased security risk.

rubinho76 avatar Jun 26 '24 05:06 rubinho76

@rubinho76 @Antoled

I understand your concern and think this would be a great addition if it will play nicely with the component as it is... If someone would like to update this pull request and get the conflicts removed and check to make sure it doesn't cause issues, it could be great improvement for security and speed purposes.

In the meantime, as long as you exclude the entities and scripts you don't want from the main instance, they will not appear there. You can also use a secure connection between the two instances which should help. I do understand that the data is being transmitted, but excluded entities and scripts are not being displayed on the main instance in the current release. As far as the reverse connection, I am using this component bidirectionally over the internet to connect 2 houses and monitor status on both ends, so I would still want to allow the reverse connection in my use case.

jaym25 avatar Jun 26 '24 19:06 jaym25