Encrypt UART over SSH

We are currently working on a project using the UART functionality of the BR1 M2M. We are using the UART client mode to connect to a server over public IPs, and one potential issue that we foresee is that the data is sent over Telnet and as such all transmissions are in the clear.

We were wondering if it would be possible to offer SSH client and server functionality for this connection so as to be able to encrypt this communication.

I imagine this would also be useful where providing OOB support to RS232 devices that require username and password access as the current method means those credentials are sent in the clear and could potentially be sniffed.

3 Likes

@james.webster1

Would you be able to provide more info on this? It seems it's a public IP, so why do you still need to use the UART?

1 Like

Hi @sitloongs

We have a customer with a controller board which is only able to be controlled over an RS232 serial connection. They temporarily deploy these in various parts of the country for a few days at a time and need to manage and monitor them.
We are using the BR1 M2M to make the serial connection and then, in UART Client mode, connect back to a server which can see and manage the devices. We are trying to avoid SpeedFusion or any VPN at the moment to keep traffic down, as the project has a data budget of ~200Mb per month, which is why we were asking about being able to make the data session be SSH instead of Telnet.

Thanks
James

@james.webster1

As far as I know, SSH is normally a client-server connection. Do you mean the controller board supports that?

1 Like

Hi @sitloongs
Sorry, I think I may have confused something here.

Let me use an example:

I have a Cisco router with an RS232 OOB management port.

I have a BR1 M2M with IP address 1.1.1.1

I connect the BR1 M2M’s UART port to the Cisco RS232 device

I configure the RS232 connection settings on the BR1 and then enable Server mode for the connection, as per: Connecting a serial device to the IP network with Pepwave MAX

From my laptop I can then open a terminal window and Telnet to the BR1 M2M on the 1.1.1.1 IP address, and I will be able to issue commands to the Cisco router. This IP communication, though, is unencrypted and as such could be sniffed by devices between the M2M and the laptop.

What I am asking for is to replace the Telnet part with SSH so the communication between my laptop and the BR1 M2M is encrypted.

For the actual project, though, we want to use the client mode and have the BR1 connect to a server acting as an SSH server, to then allow the server to communicate with the serial-connected device.

thanks
James
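
An added example, not part of the thread and not Peplink code: one way to audit whether a serial-over-IP listener like the one described above exposes the console in the clear, by classifying the first bytes it sends as an SSH identification string (RFC 4253), Telnet option negotiation (RFC 854), or raw text. The function names are hypothetical and the sample byte strings are constructed.

```python
# Added example: classify the first bytes a console listener sends.
IAC, SB, SE = 255, 250, 240                      # RFC 854 command bytes
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

def split_telnet(data: bytes):
    """Separate Telnet option negotiation from payload bytes."""
    commands, payload = [], bytearray()
    i = 0
    while i < len(data):
        if data[i] != IAC:
            payload.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            break                                # capture ends mid-command
        cmd = data[i + 1]
        if cmd == IAC:                           # escaped literal 0xFF
            payload.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:
            if i + 2 >= len(data):
                break
            commands.append((NEGOTIATION[cmd], data[i + 2]))
            i += 3
        elif cmd == SB:                          # skip to the closing IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            commands.append(("SB", data[i + 2]))
            i = end + 2
        else:
            i += 2                               # two-byte command (NOP, GA, ...)
    return commands, bytes(payload)

def classify(first_bytes: bytes) -> str:
    """Return 'ssh', 'telnet-cleartext', 'raw-cleartext' or 'unknown'."""
    # RFC 4253 4.2: the server sends a line starting "SSH-2.0-" (or "SSH-1.99-").
    for line in first_bytes.splitlines():
        if line.startswith((b"SSH-2.0-", b"SSH-1.99-")):
            return "ssh"
    commands, payload = split_telnet(first_bytes)
    if commands:
        return "telnet-cleartext"
    if payload and all(32 <= c < 127 or c in b"\r\n\t" for c in payload):
        return "raw-cleartext"
    return "unknown"

# Constructed samples, not captured from any real device.
TELNET_SAMPLE = bytes([255, 251, 1, 255, 251, 3, 255, 253, 24]) + b"\r\nUsername: "
SSH_SAMPLE = b"SSH-2.0-ExampleServer_1.0\r\n"
RAW_SAMPLE = b"Router>\r\n"
```

Anything classified as `telnet-cleartext` or `raw-cleartext` carries console credentials readable on the path, which is the exposure the posts above describe.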