Creating a Secure Tunnel for an SSH Connection

You can connect to a device through a secure tunnel using an SSH client application, including a file transfer client such as WinSCP.

You need the following:

  • your user name, password, and URL for Device Cloud

  • pop-up blocking disabled for the Device Cloud website

  • the user name and password for an account on the device

  • an SSH server running on the device

  • the Python device manager running on the device with the remote_login action enabled and SSH enabled in the remote_access_support attribute in the iot.cfg file

  • the device connected to Device Cloud

  1. In your browser's address bar, type the URL you were given when you received your Device Cloud account, and then on the Sign In page, type your user name and password in the boxes.
  2. If the device you want to access is not connected to your default organization, select Switch organization on the LaunchPad and select the organization to which your device is connected.
  3. Click Remote Access.
  4. On the Remote Device Access page, click the Connect icon of the device to which you want to connect.
  5. In the Connection Type list in the Connect window, select SSH:portNum, where portNum is the port shown in the Connection Type list.
  6. (Optional) To override the default settings, select CUSTOM from the Connection Type drop-down list. The Advanced Settings fields are displayed. Change the settings as follows:
    1. To override the default value shown in the Connection Type window, type the port you want to use in the Connection Port box.

      The port must match the port the server on the device uses. Typically, you only need to change this value if the server on the device runs on multiple ports, for example VNC.

    2. In the Maximum Session Duration box, type the number of hours or minutes you want the connection to stay open.

      The maximum value is 24 hours and 0 minutes.

    3. Select the Reconnect check box. This option is disabled by default. Enabling Reconnect supports automatic reconnection to the local TCP sockets when the connection drops.
      Note:

      If you cannot see the Reconnect check box, the error "The version running on the device does not support Reconnect" is displayed. This occurs when the current Python agent on the device is not supported.

      Reconnect is automatically enabled when the HTTP (80) and HTTPS (443) connection types are selected, and is disabled by default for the SSH, TELNET, RDP, and VNC protocols.

    4. Select the Enable Web Proxy check box. This option is disabled by default. Fill in the required fields to connect or reconnect to a device using a proxy server.

      This option reconnects applications on the device to Device Cloud through a proxy server using SOCKS4, SOCKS5, and HTTP protocols.

  7. Click CONNECT.

    If this is the first time you started a secure tunnel, the Download Plugin window opens.

    Note:

    LaunchPad detects the operating system on which the web browser runs, for example, Windows (32-bit or 64-bit), Mac OS X 10.10 or later, or Linux (64-bit DEB or RPM), and displays the DOWNLOAD PLUGIN button so that you can download the plugin specific to that operating system. For more information, see Installing the Plugin on Windows and Introduction to Remote Device Access: Host Requirements for Remote Access.

  8. In the SSH Connection Parameters window, take note of the host and the port, and then click OK.
  9. Open the third-party SSH client application you want to use for the SSH session and specify the values for the host and port you noted in the previous step. For more information, see Third-Party Tool Configuration for Remote Tunnel Access.

    The tunnel stays open until one of the following occurs:

    • the timeout specified in the Maximum Session Duration box is reached (the default value is one hour or the value specified in the device configuration)

    • the SSH client application on Windows terminates
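
In step 9 the SSH client is pointed at the tunnel's host and port rather than at the device's own address, so the host name cannot vouch for the device; the host key fingerprint can. The following is an added example, not part of the original documentation or of Device Cloud: it compares the key offered through the tunnel (one line in `ssh-keyscan -p PORT HOST` output format) with a fingerprint recorded from the device itself, for instance with `ssh-keygen -lf` on its host public key. The endpoint 127.0.0.1:2222, the key bytes, and all function names are constructed assumptions.

```python
import base64
import hashlib
import hmac
import struct


def make_constructed_line(host: str, port: int) -> str:
    """Build a constructed ssh-keyscan style line (sample data, not a real device key)."""
    key_type = b"ssh-ed25519"
    raw_key = bytes(range(32))  # constructed 32 bytes standing in for a public key
    blob = (struct.pack(">I", len(key_type)) + key_type
            + struct.pack(">I", len(raw_key)) + raw_key)
    return f"[{host}]:{port} ssh-ed25519 {base64.b64encode(blob).decode()}"


def parse_key_line(line: str):
    """Split 'host keytype base64blob' and check the blob declares the same key type."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type in blob does not match the declared type")
    return host, key_type, blob


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def tunnel_key_matches(line: str, expected_fp: str) -> bool:
    """True only if the key offered through the tunnel is the one recorded for the device."""
    _, _, blob = parse_key_line(line)
    return hmac.compare_digest(fingerprint(blob).encode(), expected_fp.encode())


if __name__ == "__main__":
    # Constructed stand-ins: tunnel endpoint 127.0.0.1:2222 and a reference
    # fingerprint that would normally be read on the device console.
    line = make_constructed_line("127.0.0.1", 2222)
    reference = fingerprint(parse_key_line(line)[2])
    print(reference, tunnel_key_matches(line, reference))
```

If the comparison fails, do not enter the device account's password in the SSH client; close the tunnel and check which device the session is actually connected to.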