How to SSH to an Endpoint
The s-imsy platform has an Edge Service that enables a SSH to an Endpoint.
An edge service is a service hosted securely in the s-imsy network and not reliant on the internet. Once the SSH Edge Service is enabled an SSH terminal can be opened from the portal and a secure connection established to an Endpoint over the s-imsy network. This allows for remote access, without needing to expose the endpoint on the Internet directly (using a public IP address), or configuring VPNs.
Pre-Requisite
In order to SSH to the device the Endpoint is connected to SSH must be enabled on the device.
Configuring the SSH Edge Service
The Edge Services available to an Endpoint are controlled within the Routing Policy. To enable SSH either a new Routing Policy can be created or existing one can be updated.
Edit the Routing Policy
Select Edge Services
Enable the Embedded Terminal Service
Save and Apply rules
Assign the Routing Policy to an Endpoint group
Assign the Endpoint to the Endpoint group
Restricting Endpoint access to SSH
Connectivity to an Endpoint can be restricted to just SSH. This can be achieved by
Configuring a Routing Policy with
The Terminal Service enabled
One Policy Rule to drop all traffic in all directions
Applying the Routing Policy to a Endpoint Group
Applying the Endpoint to the Endpoint Group
In this configuration the endpoint is isolated and cannot communicate to any external services. The only means to connect to the Endpoint is using the SSH terminal service from the portal.
Establishing an SSH session to an Endpoint
To use the embedded termina to establish an SSH session with an endpoint
Login to the portal
Navigate to Inventory -> Endpoints
Select the Endpoint
Select the Remote Access Tab
Fill in the Username, password and port for the SSH service that is running on the Endpoint device
Select Connect to establish the SSH session
Once established the embedded terminal can be used to interact with the device