enricobuehler/nanokvm-mqtt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4 Commits 1 Branch 0 Tags
a86f89fefc082562def9b097d94dd4b511833c3c
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
enricobuehler a86f89fefc implement recovery from changed token 
use exponential backoff for token retrieval
2025-11-19 21:15:27 +00:00
src
implement recovery from changed token
2025-11-19 21:15:27 +00:00
.dockerignore
initial commit
2025-11-14 20:38:30 +01:00
.gitignore
initial commit
2025-11-14 20:38:30 +01:00
biome.json
added biome linter
2025-11-14 20:40:38 +01:00
bun.lock
implement recovery from changed token
2025-11-19 21:15:27 +00:00
config-schema.json
initial commit
2025-11-14 20:38:30 +01:00
Dockerfile
initial commit
2025-11-14 20:38:30 +01:00
LICENSE
initial commit
2025-11-14 20:38:30 +01:00
package.json
implement recovery from changed token
2025-11-19 21:15:27 +00:00
README.md
initial commit
2025-11-14 20:38:30 +01:00
tsconfig.json
initial commit
2025-11-14 20:38:30 +01:00
tsdown.config.ts
initial commit
2025-11-14 20:38:30 +01:00

README.md

nanokvm-mqtt

Exposes NanoKVM API via MQTT with support for home assistant autodiscovery/config.

Implementation

This project is built with TypeScript and enforces runtime type safety where possible by using zod.

Disclaimer

Please read the License and understand that this program comes with no warranties or guarantees.

Critical Security Warning: Exposing a KVM (Keyboard, Video, Mouse) device over a network creates significant security risks, as it provides direct access to connected systems. Carefully review our security advisories below before deployment.

Usage

  1. Clone the repository
  2. Create one or multiple client configs like xxx.client.json
  3. Option A (recommended) Use docker-compose like in the provided example docker-compose.example.yml
  4. Option B Install bun and run via bun run build && bun run start
  5. Your NanoKVM(s) should now show up in home assistant via autodiscovery

Security Notices

NanoKVM

Critical vulnerability: The NanoKVM firmware currently uses a hardcoded secret key for authentication. Thats only one of the many security flaws. By default, this project includes the known hardcoded secret for compatibility.

We strongly recommend blocking every connection going in and out of the NanoKVM by default, and only allow as narrow access as possible to the web server (port 80) with return traffic. Its also recommended to only enable SSH when you need it.

Additional Security Recommendations

  • TLS/SSL: Use encrypted MQTT connections (mqtts://) with valid certificates
  • MQTT Authentication: Enable username/password authentication on your MQTT broker
  • Access Control: Implement MQTT ACLs (Access Control Lists) to restrict topic access
  • Firewall Rules: Block external access; only allow connections from trusted IPs
  • Regular Updates: Monitor for NanoKVM firmware and dependency updates

Usage with Home Assistant

Think carefully before integrating this with Home Assistant, especially if:

  • Your Home Assistant instance is publicly accessible
  • You use cloud-based integrations or remote access features
  • Multiple users have access to your Home Assistant dashboard

Recommended mitigations:

  • Keep Home Assistant on a private network only
  • Use VPN access instead of port forwarding
  • Monitor access logs regularly
  • Consider if you truly need KVM control through Home Assistant

Known Risks

Potential attack vectors include:

  • Unauthorized access to connected computers/servers
  • Keystroke injection and command execution
  • Screen capture and information disclosure
  • BIOS/firmware manipulation on connected systems
  • Lateral movement within your network
Reference in New Issue View Git Blame Copy Permalink
Description
Exposes NanoKVM API via MQTT for use with home assistant
Readme MIT 78 KiB
Languages
TypeScript 93.2%
Dockerfile 6.8%