Establish a secure Spacebridge tunnel to a device using ssh

Hologram provides a service called Spacebridge that allows you to create secure authenticated tunnels to send data to a device with a Hologram SIM card connected to the cellular network. With Spacebridge, you can send inbound traffic to any port on the device.

Tunneling without the Spacebridge desktop client

The officially supported Spacebridge client is a convenient wrapper around Hologram API calls and an SSH client. In environments where a GUI application isn't appropriate, you can use these standard protocols to open a secure tunnel directly.

These instructions are for Linux with OpenSSH and assume that you've already enabled tunneling for your device in the dashboard (covered in the section above).

Generate a SSH key and upload to the Hologram API

You only need to complete this section the first time you're setting up the tunnel on this computer. If you already have an SSH key-pair that you'd like to use, skip to step 2.

  1. Use ssh-keygen to generate a SSH key-pair:
    bash ssh-keygen -f spacebridge.key -b 4096
    You'll see a prompt asking if you want to put a password on the key. We recommend this for enhanced security.  
  2. Upload your public key to the Hologram API. In the code below, replace "~APIKEY~" with your Hologram API key. Your personal API can be found in your dashboard by clicking on the Account section in the main menu and selecting API tab at the top of the screen. If you are using a key that you already generated, replace the filename in the export command.

The filename ends in .pub, not .key.

If you use the .key file this will upload your private key which you don't want to do.

bash PUBKEY=$(cat spacebridge.key.pub); curl -X POST -H "Content-Type: application/json" -d "{\"public_key\":\"$PUBKEY\"}" "https://dashboard.hologram.io/api/1/tunnelkeys?apikey=~APIKEY~"

You should get a successful response back.

Open the Tunnel by Running SSH With Port Forwarding

  1. Look up the link ID for the SIM you are trying to tunnel into. You can find this on the Dashboard by clicking on the plus sign next to the SIM number.
  2. The command below will open up the tunnel. You can see in this command where you would replace the link ID with your own ID. In this case, port 22 is the port on the device, and port 5000 is the local port being forwarded. Replace spacebridge.key with whatever private key you are using. This should be key file that goes with the .pub file that you uploaded to the Hologram API.
    bash ssh -p 999 -L 5000:link10311:22 -N -i spacebridge.key htunnel@tunnel.hologram.io
  3. You should now be able to connect to port 22 on your device from port 5000 on the local host.
Was this article helpful?
0 out of 2 found this helpful