Introducing the ability to SSH into your robot from anywhere, securely, in one click, through Freedom Robotic's API.
You Always Need To Access Your Robot When You Can’t Get It
One of the simplest, but most frustrating, challenges of developing robots is simply being able to log into them when you really need to - from anywhere. The reason is that most times a robot fails, they do so because of a change in environment, instability in a system or interaction with a human. And… it isn’t in your lab sitting right next to you. Therefore, we have gotten many requests for both operations teams and developers to have a simple way to access their robots without dealing with IP addresses, firewalls, etc.
Something like this:
But you currently need to know the local host name / IP or make your device publicly visible with a public and static IP. This doesn’t scale, is prone to break and will give different results based on which office networks a user is on.
And, many times, with the firewalls which exist, you can’t even get to the correct ports, disabling stable connections completely.
Every time you want to log in to your robot, it seems that you can't access it because you can't find it's IP, services are down or something has gone wrong with your VPN or VNC.
Why Is It Hard Today?
With standard technology that comes with Linux, this is not easily feasible. The difference between accessing a server and a robot is that servers:
- Stay on a fixed network
- Have an expectation of connectivity 99% of the time
- Are visible on a local network
- Have known security levels
Robots are exactly the opposite:
- Go offline regularly
- Switch between wired, wireless, cellular connections
- Change their IP regularly and accidentally
- Are usually behind firewalls or separate networks
- Are usually set up by end-users, where you don’t have control
So, the IP-based technology for looking up the location of a device falls apart.
What Is Freedom’s Remote SSH
The solution is to enable a secure and simple publicly knowable location a device can be accessed from. Given that any port which is open is a security vulnerability, you also only want to expose a port for the minimum time necessary to log in and triage or work with your device.
- Proxy encrypted traffic through a known point from both sides
- Pop up, secure, reverse tunnels for SSH
- Works with locked down firewalls
- Shuts down 30 minutes after you disconnect
- You control certificates and passwords
It works by proxying the encrypted SSH communication between our known server (without decoding it). This means that both sides can easily communicate - even behind firewalls, on different networks and when they are half way around the world.
How Do I Enable Remote SSH On My Robot?
It is already there as part of the Freedom agent! There is nothing you have to do to install on your devices.
One Click In The App
Go to your device’s SETTINGS -> REMOTE SSH then click ENABLE REMOTE SSH.
It will send a command to your robot to create a pop up tunnel and will then return the short-lived port connection which will be available for logging in to your device.
When you log in, it is a standard SSH connection which is identical to locally sshing in over your network. If you are not active for 30 minutes on the connection, it will automatically shut down and you will need to click again to re-enable it with a different port location. API Access for Launching Remote SSH
Or Do It On The API
You also have the ability to programmatically enable SSH tunnels and shut them down across your fleet.
Send a HTTP PUT command to the agent through the /accounts/ID/devices/ID/commands endpoint. Please see the reference docs for more details. You just need to set a uid for your command so you can find the response later.
A few seconds later, the device will send back details of your connection. You can access them with a HTTP GET on /accounts/ID/devices/ID/data?platform=mission_control_controller&start_time=-30s. When you look for your uid in the list of returned commands, you will see a success or failure and then the details to log in.
"command": "ssh firstname.lastname@example.org -p 11314",
You can either paste in the “command” as a human or parse the address, port and user.
We designed this feature for our customers, but also for ourselves, as it always seems there is a robot we need to tweak, or details to understand, or a customer to support, where they can’t log in to do the basic, 30 second task, which would make them successful.