Freedom Robotics Introducing: SSH From Anywhere for Robots

Hans Lee (CTO)
Hans Lee (CTO) | 3 min read
Sep 09, 2019 |

Product Announcement

Introducing the ability to SSH into your robot from anywhere, securely, in one click, through Freedom Robotic's API.

 

You Always Need To Access Your Robot When You Can’t Get It

One of the simplest, but most frustrating, challenges of developing robots is simply being able to log into them when you really need to - from anywhere. The reason is that most times a robot fails, they do so because of a change in environment, instability in a system or interaction with a human. And… it isn’t in your lab sitting right next to you. Therefore, we have gotten many requests for both operations teams and developers to have a simple way to access their robots without dealing with IP addresses, firewalls, etc.

Something like this:

ssh user@myrobot.anywhere

But you currently need to know the local host name / IP or make your device publicly visible with a public and static IP. This doesn’t scale, is prone to break and will give different results based on which office networks a user is on.

ssh user@192.168.10.34

And, many times, with the firewalls which exist, you can’t even get to the correct ports, disabling stable connections completely.

Every time you want to log in to your robot, it seems that you can't access it because you can't find it's IP, services are down or something has gone wrong with your VPN or VNC.

 

Why Is It Hard Today?

With standard technology that comes with Linux, this is not easily feasible. The difference between accessing a server and a robot is that servers:

  • Stay on a fixed network
  • Have an expectation of connectivity 99% of the time
  • Are visible on a local network
  • Have known security levels

Robots are exactly the opposite:

  • Go offline regularly
  • Switch between wired, wireless, cellular connections
  • Change their IP regularly and accidentally
  • Are usually behind firewalls or separate networks
  • Are usually set up by end-users, where you don’t have control

So, the IP-based technology for looking up the location of a device falls apart.

 

What Is Freedom’s Remote SSH

The solution is to enable a secure and simple publicly knowable location a device can be accessed from. Given that any port which is open is a security vulnerability, you also only want to expose a port for the minimum time necessary to log in and triage or work with your device.

Implementation details:

  • Proxy encrypted traffic through a known point from both sides
  • Pop up, secure, reverse tunnels for SSH
  • Works with locked down firewalls
  • Shuts down 30 minutes after you disconnect
  • You control certificates and passwords

It works by proxying the encrypted SSH communication between our known server (without decoding it). This means that both sides can easily communicate - even behind firewalls, on different networks and when they are half way around the world.

 

How Do I Enable Remote SSH On My Robot?

It is already there as part of the Freedom agent! There is nothing you have to do to install on your devices.

 

One Click In The App

Go to your device’s SETTINGS -> REMOTE SSH then click ENABLE REMOTE SSH.

Enable Remote SSH

It will send a command to your robot to create a pop up tunnel and will then return the short-lived port connection which will be available for logging in to your device.

SSH Command Copy/Paste

When you log in, it is a standard SSH connection which is identical to locally sshing in over your network. If you are not active for 30 minutes on the connection, it will automatically shut down and you will need to click again to re-enable it with a different port location. API Access for Launching Remote SSH

 

Or Do It On The API

You also have the ability to programmatically enable SSH tunnels and shut them down across your fleet.

Send a HTTP PUT command to the agent through the /accounts/ID/devices/ID/commands endpoint. Please see the reference docs for more details. You just need to set a uid for your command so you can find the response later.

[{ "uid": "PBX9XLTM5P79HX85PHYH", "platform": "mission_control_controller", "command": "enable_remote_ssh", "expiration_secs": 100, "data": { "setup_automatically": true, "enable": true, } }]

A few seconds later, the device will send back details of your connection. You can access them with a HTTP GET on /accounts/ID/devices/ID/data?platform=mission_control_controller&start_time=-30s. When you look for your uid in the list of returned commands, you will see a success or failure and then the details to log in.

[{ "command_received": { "account": "D_MY_ACCOUNT", "uid": "PBX9XLTM5P79HX85PHYH", "age": 0.641, "platform": "mission_control_controller", "command": "enable_remote_ssh", "device": "D_MY_DEVICE", "expiration_secs": 100, "data": { "setup_automatically": true, "enable": true, }, }, "result": { "execution_time": 3.76, "details": { "password_login_enabled": true, "permit_root_login": false, "command": "ssh freedom@tunnel.freedomrobotics.ai -p 11314", "user": "freedom", "address": "tunnel.freedomrobotics.ai", "port": 11314, "user_has_password": true }, "success": true }, }]

You can either paste in the “command” as a human or parse the address, port and user.

 

Wrapping Up

We designed this feature for our customers, but also for ourselves, as it always seems there is a robot we need to tweak, or details to understand, or a customer to support, where they can’t log in to do the basic, 30 second task, which would make them successful.

Happy SSHing!

Try it for free for 14 days