Loading
I've always wanted to integrate my smart devices into one unified control center, and I've tried many solutions until I decided to host my instance of the Home Assistant system. It opened my eyes to what is possible with as little as some evenings of debugging and trying things out. In this article series, I'll be describing my journey with a Home Assistant. In this article, I'll only focus on setting up the secure integration with my ASUS router.
Setting up Home Assistant is as easy as it can get. I chose to host mine on a Raspberry Pi 4 Model B connected directly to the WiFi router.
There are a ton of resources online already covering how to get Home Assistant running on different microcontrollers, servers, or NAS devices. There's no magic in the setup of Home Assistant, but for my purpose, I wanted to add certain integrations, which turned out to be quite time-consuming.
I wanted to be able to do automation based on whether people are in the house or not. A good and safe way to do so is to use Tailscale VPN and leverage zones to trigger automation based on GPS location, but installing yet another app to use the Home Assistant app was not an option in my family. So I chose a more radical approach to connect to my ASUS router directly and fetch devices that are connected to WiFi. If a person was connected to WiFi I'd treat it as they were at home.
To facilitate a seamless and secure connection between my ASUS router and Home Assistant, the first step was establishing SSH access on the router. This method not only promises a robust security layer but also enables direct communication for fetching connected devices' details. ASUS routers, by default, have SSH disabled to protect against unauthorized access, making the activation of this feature my initial task.
Navigating through the router's admin interface, (in my case http://router.asus.com/) I found the option under the Administration tab, labeled "System." Here, the SSH service can be enabled, and for enhanced security, I opted to allow LAN access only. This precaution ensures that SSH connections can only be made from within my local network, significantly reducing the risk of external attacks. After enabling SSH, setting a strong, unique password was crucial to fortify the access point against potential brute-force attacks.
With SSH activated on the ASUS router, the next phase involved configuring Home Assistant to establish a connection. This setup requires the generation of SSH keys, a pair of cryptographic keys that enable a secure, passwordless login. By generating these keys from the Home Assistant server and adding the public key to the router, a secure, encrypted channel was established, paving the way for direct queries to the router without the need for repeated password authentication.
Firstly I downloaded an add-on on my Home Assistant called "Terminal & SSH" and opened UI in the browser which allowed me to gain access to file structure inside my Home Assistant OS. I then followed it up using the following command to generate ssh keys:
ssh-keygen -t rsa -b 2048
I added it to the folder /config/ssh (apparently this is a recommended route)
Then I ran the command:
chmod 600 /config/ssh/your_private_key_filename
This makes sure that only the owner has permission to this file.
I navigated into the .ssh folder and used
cat "filename".pub
it to print out the contexts and Shift + "select with mouse" to copy the printed public key. This key I've pasted this into Authorized Keys in my SSH router settings.
The last thing I did was to add ASUSWRT integration. There I filled out the following information:
If the path does not work try using postfix / before the route like this: /config/ssh/asus_router. This can vary depending on the version you're using.
The port I've specified is the same port as the one set up in router admin settings and the username is the same as my username for the WiFi router.
This took me a lot of trial and error to get working, although I'm very familiar with working with SSH keys and securing connections. One of the things I've found out is that for some reason it did not work to create SSH keys under the .ssh folder inside the home user folder, as I'm normally used to. ASUSWRT then throws an unexpected error and logs don't return any meaningful messages. Not sure what's the point of specifying the folder, but I only managed to get it working when SSH was placed under the "config" folder.
The other issue I've encountered was that Phones / iPhones were not showing. I had to enable unknown/unnamed devices in the Integration settings and reboot Home Assistant. Then I received a full list of connected devices. Only then I could see iPhones on my network and based on the MAC address of the phone pulled from the Asus router dashboard, enable integration and add a meaningful name to it.
Next in the series: Handling notifications on- and off-site I'll be describing methods I used to send notifications leveraging telegram bot and home assistant notifications.