OpenHAB 3 WiFi Hotspot password setup

From Openhabian Installation Guide:

WiFi Hotspot

Whenever the WiFi interface wlan0 exists but does not have connectivity, openHABian will launch a Hotspot. When you use your mobile phone to scan for WiFi networks, you should be seeing a new network called openHABian-<n>. Connecting will work without a password. Once connected, open your browser and point it at http://raspberrypi.local or http://comitup-<n>. This may or may not work for your mobile browser as it requires Bonjour/ZeroConf abilities. If you cannot connect to this address, go to http://10.41.0.1. On that page you can select the SSID of the network you want to connect your system to. Provide the password and press the button. Note that as soon as you do, the wlan0 IP address changes so your mobile browser will not be able to provide you any feedback if that worked out. Try to ping the new system’s hostname (default is openHABianDevice) or check DHCP on your router if your openHABian system appeared there. For more information on this feature see comitup-cli. You can use sudo comitup-cli inside openHABian to change networks and eventually remove network credentials. Note the hotspot may not only become available during installation: it will remain on standby and will show up again every time your wlan0 interface is losing connectivity. The hotspot feature is known to work on RPi 0W, 3 and 4 but is known to often expose problems with WiFi USB adapters.

My question: how can I set up a password for this Hotspot?
If I turn off my wifi, somebody can connect to my raspberry and gain full access to openhab.

You cannot but there should not be a need to.
The hotspot should be dropped when you authenticate with your own WiFi.
(and even if not there is nothing you can do on that network except to authenticate with any of the networks in range - if you know their password only of course).

This scenario is possible: if my home Wi-Fi accidentally freezes, the access point will start without a password, and one of my neighbors will be able to enter credentials of his Wi-Fi access points, raspberry will connect to his network and thus he will get access to the openhab and linux OS.

How can this scenario be avoided? Only by disabling the hotspot in “boot\openhabian.conf” during the first installation?

No, it won’t start.

Why not?

from Openhab guide:

Note the hotspot may not only become available during installation: it will remain on standby and will show up again every time your wlan0 interface is losing connectivity.

As far as I understand, if my wifi turns off or hangs, the access point will start on the raspberry. Or not?
This guide is a little confusing.

I agree it’s confusing but that’s what I understand the original software docs say. I haven’t tried it myself. Try yourself please and report back here.
I think your scenario is way overdone and paranoid. But you can stop the hotspot service at any time if you disagree.

Just tried, hotspot is working strangely((
I installed openhab with enabled Hotspot in “boot\openhabian.conf”.
At first start it created an AP with ssid “openHABian-9” to which I was able to connect without password. By going to 10.41.0.1 I was able to choose my home wifi and enter the password for it. Hotspot was turned off automatically. Then the installation went fine.
After successful installation of Openhab I tried to disable my home wi-fi. The hotspot was again started on the raspberry side, BUT… by going to 10.41.0.1 the page with the list of available access points no longer opens(( …although I can see the openhab interface on 10.41.0.1:8080 and SSH is working too.

Is this normal hotspot behavior?

I don’t know, ask the author. But I’d think it’s reasonable. Hotspot is there to get you going on WiFi, not as a fallback in artificial self-triggered fallback scenarios.

Yes, you can add a password to the comitup hotspot. See the ap_password parameter in /etc/comitup.conf.

As you said, the hotspot will come back up if your wifi goes down (just like your Google devices), so this could be a valid issue for you.

I don’t know the specifics of what you are running, but there was a bug in comitup that looked similar, when accessing from iOS. Fixed in 1.8, Nov 2019.
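
A check for the `ap_password` setting mentioned above, as an added example that is not part of the thread or of comitup itself. It reports whether a comitup config file leaves the fallback hotspot open. Assumptions: the function names are hypothetical, the file uses `key: value` (or `key = value`) lines with `#` comments, and the 8 to 63 character range is the WPA2 passphrase rule rather than something stated on this page. The sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a comitup config for a hotspot password.
# Return codes: 0 = ap_password set, 8-63 chars; 1 = unset, hotspot is open;
#               2 = set but outside WPA2 passphrase length; 3 = file unreadable.
check_ap_password() {
    conf="$1"
    [ -r "$conf" ] || return 3
    # Last uncommented ap_password line wins; "key: value" and "key = value"
    # are both accepted here (assumption about the file syntax).
    value=$(sed -n 's/^[[:space:]]*ap_password[[:space:]]*[:=][[:space:]]*//p' "$conf" \
            | tail -n 1 | sed 's/[[:space:]]*$//')
    [ -n "$value" ] || return 1
    len=${#value}
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        return 2
    fi
    return 0
}

# Print a one-line finding for a config file and return the same code.
audit() {
    rc=0
    check_ap_password "$1" || rc=$?
    case "$rc" in
        0) echo "$1: hotspot password is set" ;;
        1) echo "$1: ap_password not set, fallback hotspot will be open" ;;
        2) echo "$1: ap_password length is outside 8-63 characters" ;;
        3) echo "$1: cannot read file" ;;
    esac
    return "$rc"
}

# Constructed sample configs, so the script runs without a real /etc/comitup.conf.
demo_dir=$(mktemp -d)
printf '# hotspot settings\n# ap_password: example\n' > "$demo_dir/open.conf"
printf 'ap_password: constructed-Passphrase-01\n' > "$demo_dir/protected.conf"
printf 'ap_password: short\n' > "$demo_dir/short.conf"

for f in "$demo_dir/open.conf" "$demo_dir/protected.conf" "$demo_dir/short.conf"; do
    audit "$f" || true
done
```

On the openHABian system, call `audit /etc/comitup.conf` to run the same check against the real file.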