Bosch IoT Device Management - will be discontinued by mid 2024

SSH tunneling

SSH tunneling is a method of transporting data over an encrypted SSH connection. It can be used to access endpoints that are protected by a firewall or to add encryption to an otherwise unencrypted channel. Tunneling is part of the Secure Shell (SSH) Connection Protocol (RFC 4254) and is also referred to as local or remote port forwarding.

A connection managed within the Things service supports establishing an SSH tunnel (local port forwarding) to connect to the target endpoint. You can enable and configure it in the connection management section of the Things UI. Once configured, the Things service creates the tunnel and connects through it to establish the connection to the actual endpoint.

The state of the tunnel is reported in the connection logging section in the UI. This can be very helpful to diagnose connectivity problems.

Tunnel configuration

The following information is required to configure a tunnel:

SSH host

The host and port of the SSH server provided in the format ssh://<host>:<port>.

Credentials

The credentials used to authenticate at the SSH server. Things supports password authentication and public key authentication.

Host validation


It is highly recommended to enable validation of the SSH host in production systems, so that the tunnel is only established to a server presenting an accepted host key.
Nevertheless, it might be helpful to disable it temporarily for testing purposes.

A list of accepted public key fingerprints can be set in the SSH tunnel configuration.

Example

This screenshot shows an example of what such a configuration might look like.
[Screenshot: SSH tunnel configuration for a managed connection]

Further reading

If you need to manage the connection settings via the HTTP API, see PUT /solutions/{solutionId}/namespaces/{namespaceId}.

The blog post Support SSH tunneling for managed connections also provides a brief introduction. All details are provided in the Eclipse Ditto documentation.