1 Answer
Hi Fernanda. Secure tunneling doesn't require port 22 to be open. The aim of the feature is to provide access without opening additional ports.
Are you sure? It only works when I leave port 22 open, and reading from the aws blog they do in fact use port 22 (https://aws.amazon.com/blogs/iot/introducing-secure-tunneling-for-aws-iot-device-management-a-new-secure-way-to-troubleshoot-iot-devices/). When I check while using ssh via tunneling, it also displays that it is using port 22:
I also noticed when configuring the tunnel, that when selecting manual, if I don't write SSH it throws this error:
So I thought maybe there is a specific format to declare that I want to use a port different to 22
That blog is just using port 22 for the local connection to localproxy on the device. As does the secure tunneling component (and AWS IoT Device Client). However, port 22 isn't used for the device-cloud communications. For example, I can run Greengrass in an EC2 instance and make a secure tunneling connection without opening port 22 in the security group.
Example TCP connections on a Greengrass device in EC2, with secure tunneling active:
I understand that port 22 is not communicated to the cloud, but my intention is not to use port 22 for anything, including the local connection. Given that I can configure my device to allow ssh on another port, I would prefer to do that.
Device Client at this moment does not have the capability to use a different port for the secure tunneling feature. You can cut a feature request or you can contribute to the repository and update the code yourself. Local proxy does provide support for it. If you wish, you can also use local proxy for the secure tunneling feature. https://github.com/aws-samples/aws-iot-securetunneling-localproxy
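The procedure the thread converges on, as an added example that is not code from the re:Post answer, its comments, or the aws-iot-securetunneling-localproxy project: open a tunnel from the operator machine, run localproxy in destination mode on the device pointing at a non-default sshd port, run it in source mode on the operator side, and check on the device that nothing still listens on port 22 on a non-loopback address. The region, the thing name, the ports 2222 and 5555, the tunnel.json file and the helper functions (valid_port, device_cmd, operator_cmd, listens_on_22_publicly) are assumptions made for this example; the aws CLI subcommand, the jq keys and the localproxy flags (-r, -d, -s, -b, -t) are the real ones.

```sh
#!/bin/sh
# Added example for this thread; not code from the re:Post answer or from the
# aws-iot-securetunneling-localproxy project. Ports, names and the helper
# functions below are hypothetical choices for illustration.
set -eu

REGION="${REGION:-us-east-1}"         # assumption: region the tunnel is opened in
THING_NAME="${THING_NAME:-my-device}" # assumption: the IoT thing to reach
SSH_PORT="${SSH_PORT:-2222}"          # assumption: sshd on the device listens here
LOCAL_PORT="${LOCAL_PORT:-5555}"      # assumption: operator-side localproxy port

# Accept 1-65535 but refuse 22, since the goal in the thread is to keep
# port 22 out of the picture even for the local hop on the device.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && [ "$1" -ne 22 ]
}

# Destination mode, run on the device. localproxy dials out over TLS to the
# tunnelling endpoint and forwards tunnel traffic to localhost:<port>; the
# "SSH" label only has to match the service name the tunnel was opened with.
# No inbound port is opened on the device for this.
device_cmd() {
  printf 'localproxy -r %s -d SSH=localhost:%s -t "$DEST_TOKEN"' "$REGION" "$1"
}

# Source mode, run on the operator machine: listens on 127.0.0.1:<port>
# and relays whatever connects there through the tunnel.
operator_cmd() {
  printf 'localproxy -r %s -b 127.0.0.1 -s %s -t "$SRC_TOKEN"' "$REGION" "$1"
}

# Read `ss -tln` output on stdin; exit 0 if anything listens on port 22 on a
# non-loopback address (port 22 still reachable from outside the device),
# exit 1 otherwise. Run this on the device after moving sshd.
listens_on_22_publicly() {
  awk '$1 == "LISTEN" {
         addr = $4; port = addr
         sub(/.*:/, "", port)          # text after the last colon is the port
         sub(/:[0-9]+$/, "", addr)     # strip it to get the bind address
         if (port == "22" && addr != "127.0.0.1" && addr != "[::1]") found = 1
       }
       END { exit (found ? 0 : 1) }'
}

main() {
  valid_port "$SSH_PORT" || { echo "refusing sshd port '$SSH_PORT'" >&2; exit 2; }
  valid_port "$LOCAL_PORT" || { echo "refusing local port '$LOCAL_PORT'" >&2; exit 2; }

  # 1. Open the tunnel from the operator side. The service name here is the
  #    label the console insists on; it does not pin the destination port.
  aws iotsecuretunneling open-tunnel --region "$REGION" \
      --destination-config "thingName=$THING_NAME,services=SSH" \
      --timeout-config maxLifetimeTimeoutMinutes=30 > tunnel.json
  SRC_TOKEN=$(jq -r .sourceAccessToken tunnel.json)
  DEST_TOKEN=$(jq -r .destinationAccessToken tunnel.json)
  export SRC_TOKEN DEST_TOKEN

  # 2. With an agent (Device Client, Greengrass component) the destination
  #    token arrives on the device via the MQTT notify topic; when driving
  #    localproxy by hand, deliver it out of band and run this on the device:
  echo "on the device:   $(device_cmd "$SSH_PORT")"
  # 3. On the operator machine:
  echo "on this host:    $(operator_cmd "$LOCAL_PORT")"
  # 4. Then ssh to the local listener; port 22 is not used on either end.
  echo "then:            ssh -p $LOCAL_PORT user@127.0.0.1"
  # 5. On the device, pipe `ss -tln` into listens_on_22_publicly to confirm
  #    nothing is still bound to port 22 on a public address.
}

if [ "${1:-}" = "run" ]; then main; fi
```

Invoke as `sh tunnel.sh run` on the operator machine; without the argument the script only defines the helpers, so it can be sourced on the device to reuse listens_on_22_publicly against live `ss -tln` output. The device-side security group still needs no inbound rule: the only connection localproxy makes there is outbound TLS to the tunnelling endpoint, which is the point the answer above makes.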