[Feature request]: Network Key and Pan ID / Extended Pan ID auto generated during install to minimize insecure installs #16188
Comments
I found that while the docs say it can't be done when using the HA addon, it's not that hard (or I'm missing something). Warning: You need to re-pair all devices after you do that!!
|
This is useful but I created this issue with the hopes of changing the default install behavior of z2m to be a secure install not using known keys, not just the ability to change settings after install. |
Sure, that would be even better 👍 |
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days |
Still needs to be resolved
|
I agree this is an important issue. Insecure defaults are one of the most common categories of security vulnerabilities in systems design. Most people setting up a zigbee network are looking to get started as quickly as possible and have little knowledge at the beginning. However, by the time they learn about this problem, they may have invested time and effort in setting up a large network with many devices - having to re-pair each of them creates a lot of friction which may lead to continuing with the insecure default configuration. The proposed solution of random key generation at installation time is a good one. Let's please keep in mind the various ways that people first install or run zigbee2mqtt. In particular, Docker or other declarative, minimal configuration setups. Further, I think this warrants showing a warning in the zigbee2mqtt web UI with a link to instructions on how to improve network security. Are there any constraints, considerations, or concerns from the project maintainers? |
This is a huge security hole. And a lot of time spent looking for problems. I have three neighbors with default settings and devices walk between networks. I'm the only smart one who will change the panid soon. And they don't know and will suffer until I tell them what to do. |
After all, after changing the PanID, you still need to re-pair all devices!!! And at the first initial installation, there are no linked devices yet. Thanks! |
bump before the bot gets here.. still hoping to have this looked at by @Koenkk |
bump |
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days |
bad bot, not stale.
|
Don't even think about it, bot. Still open! |
There is actually already support to generate a random network key by setting it to I vaguely remember there being talk about moving Might have been a mix of different issues and PRs:
|
Yes, please implement random default; using a preconfigured static value is dumb. |
Looks like you can set |
continuing to hope for a reply from the maintainer here |
I'm fine with doing this, but the thing holding me back is that the people who run a |
I understand your hesitation but if this is increasing security for all new installs I believe it warrants a breaking change for the minority of people using git clone. |
I will check if I can implement something non-breaking. |
IIRC, it's possible to add a file to also, people who run it from a git checkout (me included) are expected to be savvy enough to deal with breaking changes. but now i'll need to disassemble a couple of wall sockets to properly secure my network, which is certainly more headache than a dirty |
I've made a PR to fix this issue (without introducing a breaking change). Please let me know if this is what you expect: #18357 |
your PR generates a random |
Not needed if you only have one 15.4 network in radio range, but if not they must be unique or you get conflicts and strange problems in some cases. |
Yes I agree, I opened this issue to solve the problems of an insecure install due to all three of these (network_key, pan_id, ext_pan_id) not just network_key. This came to light after realizing zha does randomize all of these things during first install. I will also note that zha does an initial energy scan and chooses the best channel for you, which frankly I also think is a great QoL feature. |
ZHA also warns if you are using the Z2M standard network settings, which is also well made, and the energy scan is also good if you are having problems, but it's normally no danger if you get a warning; I have my production network overlapping with my WiFi and normally don't have problems, but I get a warning at most starts of ZHA. |
pan_id/ext_pan_id has nothing to do with security (see #18357 (comment)) |
So you can also see it, but in Zigbee and other 802.15.4 networks it's one part of the security configuration. |
* fix: Add secure default config. #16188 * Enable frontend by default
Closing this now as |
@Koenkk docker install instructions told me to download https://raw.githubusercontent.com/Koenkk/zigbee2mqtt/master/data/configuration.yaml, which does not have the values set to GENERATE. Does that mean no secure defaults for new docker installations? |
There's also an example here: https://github.com/Koenkk/zigbee2mqtt/blob/master/data/configuration.example.yaml |
Perhaps the instructions need updating in that case |
@louis-lau would you mind making a PR to update the instructions? |
Took me much longer than it should have (life), but see Koenkk/zigbee2mqtt.io#3329 :) |
Is your feature request related to a problem? Please describe
While learning more about zigbee and z2m in the home assistant discord server I have been made aware that my install is far from secure. Per: https://www.zigbee2mqtt.io/advanced/zigbee/03_secure_network.html#change-zigbee-network-encryption-key it says the install uses a default encryption key and pan ID and extended pan ID. It also states we are unable to generate the key ourselves when using the addon inside home assistant OS. I find this default install behavior to be very worrying and I request that there be a way to automatically generate both a random network key and pan ID to make this a noob-friendly installation experience.
Describe the solution you'd like
Automatically generate randomized network key and pan ID and extended pan ID during installation process.
Describe alternatives you've considered
Alternatively, a required set of options for both network key and pan ID and extended pan ID in the configuration tab with accompanying documentation in the documentation tab of the addon.
Additional context
No additional context to give, let me know if you want any added information.
Stale bot closed this issue and I was unable to reopen so I made a new one: #14868
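
The first-start generation requested in this issue, as an added example that is not part of the thread and not zigbee2mqtt's own code: every `GENERATE` placeholder is replaced once with a CSPRNG value, and values that are already set are left alone so a restart does not force re-pairing. The function name `resolveNetworkSettings` and the shape of the settings object are assumptions; the sample input is constructed.

```javascript
// Added example (hypothetical helper, not zigbee2mqtt's implementation).
const { randomBytes, randomInt } = require('node:crypto');

const PLACEHOLDER = 'GENERATE'; // placeholder value named in the thread

// Returns a copy of the settings with each GENERATE placeholder replaced by
// a fresh random value, plus the list of keys that were generated so the
// caller knows the configuration must be written back to disk.
function resolveNetworkSettings(settings) {
  const resolved = { ...settings };
  const generated = [];

  if (resolved.network_key === PLACEHOLDER) {
    // 128-bit network key, stored as an array of 16 byte values.
    resolved.network_key = Array.from(randomBytes(16));
    generated.push('network_key');
  }
  if (resolved.pan_id === PLACEHOLDER) {
    // 16-bit PAN ID in 0x0001..0xFFFE; 0xFFFF is the 802.15.4 broadcast PAN.
    resolved.pan_id = randomInt(0x0001, 0xffff); // upper bound is exclusive
    generated.push('pan_id');
  }
  if (resolved.ext_pan_id === PLACEHOLDER) {
    // 64-bit extended PAN ID, stored as an array of 8 byte values.
    resolved.ext_pan_id = Array.from(randomBytes(8));
    generated.push('ext_pan_id');
  }
  return { resolved, generated };
}

// Constructed sample: settings of a fresh install, then a second start that
// reads back what the first start persisted.
const firstStart = resolveNetworkSettings({
  network_key: 'GENERATE',
  pan_id: 'GENERATE',
  ext_pan_id: 'GENERATE',
  channel: 11,
});
const secondStart = resolveNetworkSettings(firstStart.resolved);

console.log('generated on first start:', firstStart.generated);
console.log('generated on second start:', secondStart.generated); // nothing
```

The `generated` list is what makes the change non-destructive: the file is rewritten only when it is non-empty, so an existing network keeps its key and paired devices.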