I read online that the factory settings for the Vera are secure but that there is not enough security in the coding and stuff like that, so I figured (for users like myself on OS X) that a secure connection between computer and the Vera hardware would be a good idea, using something Meerkat (Meerkat | Code Sorcery Workshop) perhaps?
I got the idea when reading this tutorial:
http://www.maclife.com/ssh_surf
Surely then even though, for example, CCTV cameras may be linked to their IP directly, if routed through Vera that their data would be secure, or if Vera does not handle this information itself, then the ability to take control of it would be dramatically reduced?
Thoughts?
An ssh tunnel would only be required if you want to have remote access to your vera unit outside of your network and be secure. There would be no reason to have a tunnel when operated inside your network. I have a server that runs ssh that I connect to from when I am way from home. I port forward the required ports to access my vera unit for security. For my phone, I use connectbot (android), for my computers I use openssh (linux). If you want remote access to your unit and not want to use MCV’s remote access, ssh and port forwarding is a good way to go.
I had a look here (Endpoint Protection - Symantec Enterprise) as to what Port Forwarding actually is: “allows you to establish a secure SSH session and then tunnel arbitrary TCP connections through it” - which is what I believed an SSH tunnel to be?!
I will have to look into this because one of the advantages of home automation is that appliances can be monitored remotely and I don’t want to leave the back door open as it were. Is there anything on this from MCV, a how to etc…
You can enable ssh on your mac and have it run all of the time. You would have some sort of dynamic dns a name setup to associate with your ip address of your internet connection. You then would open up the ssh port on your router/firewall to point to your mac. An example command to port forward via ssh would be:
ssh -L 8080:veraip:80 user@example.com
You would then point your browser to 127.0.0.1:8080 to gain access to vera’s web interface. You can also use dynamic port forwarding e.g.
ssh -D 1080 user@example.com
Then setup your web browser e.g. firefox or chrome to use socks 5 proxy and input the following into the host and port field: host: 127.0.0.1 port 1080. You can then point your browser to the ip address of your vera unit. e.g. 192.168.1.20.
Thanks garrettwp, this is very useful stuff, the boards are what make a niche products work in the real world. No matter how many times I read about DNS, Dynamic IP and the like, my understanding of them is still flakey, so I think this little project will help clear things up.
I suppose its possible to create an app on the iPhone of which does all of this SSH port connecting itself, ideally the community would like to move away from a browser based interface to something more pleasurable and easy like iOS. I’m only thinking this because my setup is Mac and I should think that the most likely scenario would be that I’d be using their portable devices when away from home.
Does iVera do SSH in this manner?
Thanks.