SSH connection to remotely deployed unit

Hello all,

We’re hoping to have complete control over a unit (using SSH) that will only be connected by cell. I’m sure this is possible somehow but we’re looking to get a rough idea of how feasible this is before acquiring a SIM/data plan with a static public IP address.

Thanks in advance, any input is greatly appreciated.

Hello Nick

I am waiting for an answer about a SIM contract with VPN. My main contact is Future Electronic France, who buy the mangOH board and WP module for my company.

Future Electronic are very close to Sierra to propose a SIM contract with VPN access. You can find the contact for your country on the website.

Francis.

Thanks Francis!

Our problem won’t be getting the SIM card. We just want to confirm whether anyone has had any issues SSH’ing in from the WAN side before? We suspect that we can simply get a static IP SIM card and SSH to :22 and get full control of our remote units, but just want to confirm before we go out registering for static SIM cards.

I will look at your problem Jan 2. We do quite a bit with Mangoh and I have systems on a private APN that although not a public IP address, will permit me to test the remote access. I know that you can ssh into a remote device, what I don’t know is how long it will continue to be accessible after sitting idle. If you have a data session, most likely it will drop after a period of inactivity.
Chuck

I think by default there is a firewall rule that prevents inbound ssh access on the rmnet0 interface. I forget the exact name of the file, but it’s something like /etc/iptables/rules.v4

You should be able to modify the file to enable inbound ssh. You will of course need to ensure that the data connection is up.
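One way to check the firewall point raised above before relying on WAN-side SSH, as an added example that is not part of the original thread: it reads rules in `iptables-save` format and reports what a new inbound SSH connection on `rmnet0` would get from a given source. The rule text, the `ssh_verdict` helper and the 198.51.100.7 management address are constructed assumptions; the device's real rule file is not shown in the thread.

```python
import ipaddress
import shlex

# Constructed iptables-save sample, not the device's real rule file.
BLOCKED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i rmnet0 -p tcp -m tcp --dport 22 -j DROP
COMMIT
"""
DROP_RULE = "-A INPUT -i rmnet0 -p tcp -m tcp --dport 22 -j DROP"
# 198.51.100.7 is a placeholder management address (documentation range).
RESTRICTED = BLOCKED.replace(DROP_RULE,
    "-A INPUT -i rmnet0 -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j ACCEPT\n" + DROP_RULE)
KNOWN = {"-i", "-p", "-s", "--dport", "--state", "--ctstate", "-j", "-m", "--reject-with", "--log-prefix"}

def ssh_verdict(rules_text, src, iface="rmnet0", port=22):
    """Verdict for a NEW inbound TCP connection: first matching filter/INPUT rule wins, else the chain policy."""
    table, policy, src_ip = "filter", "ACCEPT", ipaddress.ip_address(src)
    for line in rules_text.splitlines():
        tok = shlex.split(line, comments=True)
        if line.startswith("*"):
            table = line[1:].strip()
        if table != "filter" or not tok:
            continue
        if tok[0] == ":INPUT":
            policy = tok[1]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if "!" in tok or len(tok) % 2 or set(opts) - KNOWN:
            raise ValueError(f"unsupported rule, review by hand: {line}")
        name = opts.get("-i", iface)  # a trailing "+" is the iptables interface wildcard
        states = opts.get("--state") or opts.get("--ctstate")
        lo, _, hi = opts.get("--dport", str(port)).partition(":")
        if not ((name == iface or (name.endswith("+") and iface.startswith(name[:-1])))
                and opts.get("-p", "tcp") in ("tcp", "all")
                and src_ip in ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
                and int(lo) <= port <= int(hi or lo)
                and (states is None or "NEW" in states.split(","))):
            continue
        target = opts.get("-j")
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target not in (None, "LOG"):
            raise ValueError(f"unsupported target, review by hand: {line}")
    return policy
```

The checker only understands the options listed in `KNOWN` and raises on anything else (negation, user chains, multiport) rather than guessing, so a rule it cannot model gets reviewed by hand.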

Hey everyone,

Thanks for the great replies. We’ll share our results here if we end up doing this.

Nick,

Looking at it from outside Legato and more from the SIM/network side of things. Typically people do not have the ability to SSH from a server into a unit because of the restrictions there are around getting your hands on a SIM with a public IP address (it’s not impossible). Most people do one of the following:

  • Maintain a permanent IP connection between the UE/mobile (in this case the WP), this is becoming more popular with LTE, it was not in the past with 2G as there were too many limitations.
  • Have their own APN with a service provider which means you can easily have statically assigned IP addresses and also gets around a lot of the security concerns, but is not good for low volume/prototyping applications.
  • Live with the unit dialing in periodically to deliver data.
  • Have some other form of trigger mechanism to get the unit to initiate the connection such as SMS’ing it (popular back in the day with 2G).

Hope that helps a little.

Regards

Matt

Hello @nick ,

Any news about this topic? I am interested in a way of SSHing to my device to perform FOTA.