VERO 4K+ Remote SSH Setup

Hi, I would like to set up a way to access my Vero 4K+ from outside my home. Preferably, access it via SSH. What is the current process for setting this up?

I am running the latest version of the software.

You can port forward this using your router. This is the easiest solution.

Make sure you change the default password.

Thank you.

So I need to input the IP address of the Vero in the port forwarding of the router? Could I leave it dynamic and just change that in the router when Vero changes it, or do I need a static IP?

What about using something like Dataplicity? Can that be installed on the Vero?

You can usually set the router to assign an IP based on the MAC of the device.

Your biggest problem is knowing what IP address your network has. You need something like dyndns, or you could investigate ngrok, which does something like Dataplicity and, I can confirm, works on Vero.

Okay. I have an AT&T Netgear router. I don’t see an option for doing port forwarding via MAC address. Rather you have to give it an IP address I believe.

2 different things. For port forwarding you tell it the IP address of Vero. So that you don’t have to keep changing that IP address, either use a static address on the Vero or set the router to always assign Vero the same address. It should be in DHCP settings of the router.

Ok. Are there directions for setting a static IP for Vero?

I would rather set the router to assign Vero an address. I’ll have to dig around to find how to do this on my router. It is a Netgear Versalink B90-755025-15 from AT&T.

Unless AT&T changed the OS on the router it should be ADVANCED > Setup > LAN Setup.

Thank you. I was able to set this up successfully and I also changed the Vero’s default password as well for added safety.

Any other tips to make the connection safer? SSH is secure, is it not?

Well, SSH is secure from an encryption point of view, but having any open ports to the internet always carries security risks. Here are some generic tips (if you google “secure lock SSH” you will find more):

  1. Enable key-based authentication and disable password-based authentication
  2. Configure a second SSH server (on the same machine) that you have open to the internet and configure an unprivileged user that is only used for that SSH connection.
  3. Install fail2ban
  4. Configure an email to be sent to your email account whenever a successful SSH login occurs
  5. Instead of giving direct SSH access, use a VPN (e.g. OpenVPN) as a first step, and then give SSH access as a second step within the VPN tunnel
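
One way to check tips 1 and 2 from the list above before opening the port, as an added example that is not part of the original thread: a small POSIX shell audit of an `sshd_config` file. The function names, port 2222 and the user `remote` are hypothetical; the script reads global settings only (it stops at the first `Match` block and does not follow `Include` files).

```shell
#!/bin/sh
# Added example (not from the thread): audit global sshd_config settings against tips 1 and 2.
# Assumptions: Include files are not followed and parsing stops at the first Match block.

# Print the value of keyword $2 in file $1, or default $3 when unset.
# sshd keeps the first occurrence of a keyword; pass $4=1 for keywords
# that accumulate across lines (AllowUsers).
sshd_value() {
  awk -v key="$2" -v def="$3" -v all="$4" '
    /^[ \t]*#/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) {
      $1 = ""; sub(/^[ \t]+/, "")
      out = (out == "" ? $0 : out " " $0)
      found = 1; if (!all) exit
    }
    END { print (found ? out : def) }
  ' "$1"
}

# Print one FAIL line per finding; return 0 only when there are none.
audit_sshd_config() {
  f=$1; fails=0
  v=$(sshd_value "$f" PubkeyAuthentication yes)
  case $v in [Yy][Ee][Ss]) ;; *) echo "FAIL PubkeyAuthentication=$v (tip 1)"; fails=$((fails+1)) ;; esac
  v=$(sshd_value "$f" PasswordAuthentication yes)
  case $v in [Nn][Oo]) ;; *) echo "FAIL PasswordAuthentication=$v (tip 1)"; fails=$((fails+1)) ;; esac
  v=$(sshd_value "$f" PermitRootLogin prohibit-password)
  case $v in [Nn][Oo]) ;; *) echo "FAIL PermitRootLogin=$v (tip 2)"; fails=$((fails+1)) ;; esac
  # Empty AllowUsers means every account may log in; root must not be listed.
  v=$(sshd_value "$f" AllowUsers "" 1)
  case " $v " in "  "|*" root "*|*" root@"*) echo "FAIL AllowUsers='$v' (tip 2)"; fails=$((fails+1)) ;; esac
  [ "$fails" -eq 0 ]
}

# Constructed sample for the second, internet-facing instance; port 2222 and user "remote" are hypothetical.
sample_hardened() {
  printf '%s\n' 'Port 2222' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
    'PermitRootLogin no' 'AllowUsers remote'
}

tmp=$(mktemp)
sample_hardened > "$tmp"
audit_sshd_config "$tmp" && echo "OK: no findings"
rm -f "$tmp"
```

On a live system, `sshd -T` prints the effective configuration, including defaults and included files, and is the authoritative check.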

Thank you.