Agreed. I don't see any issue with anything you are doing either. The side conversation is on a tangential topic triggered by mention of Markus' driver (and really OT for this thread I guess).
1 Like
True. I agree with that point. The item I don't agree with is the disclosure statement from HE about their ability to SSH into the hub at any time they choose without notice. Also the fact for years they have said "there's nothing to see" when we all know there's an OS running the system, with access ability and logs that show the problems. So what's the issue with giving access? Is this trying to protect customers from themselves? Likely. Or is this more of a don't look behind the curtain?
True. However it is an advertised functionality of the product. You can't sell a product and then by choice out of spite cripple the sold product on a targeted basis.
3 Likes
I don't see your product as competition either. However it's about as close to competition as the Smartly dashboard was. Which led to not just the author but a whole group of people being banned because of a mention of a future hub.
Yeah... I followed the normal procession around here of taking a topic totally off topic. It's the normal thing around here. When there's something good being discussed throw out some tangent to misdirect 
Sorry. I'm done.
1 Like
Fair enough. Although I would guess (I never read the ToS) it is buried somewhere in the terms that they "can" do that (doesn't mean they necessarily "should" though. lol).
I do enjoy discussions with you @JasonJoel but out of respect for @mykesx thread I'm done here. We can take it to PM if you want. Otherwise we'll end up in time out 
3 Likes
Since this is now in the debate chamber and not impeding on RoboDomo.... 
I am no lawyer nor do I play one on TV but it seems to be in the first line of the TOS that they have carte blanche to revoke access to any customer at any time for any reason. Like most of you, I rarely read these so I have no idea if this is typical.
1 Like
This remains speculative in the absence of anyone from Hubitat Inc actually stating this. And for record, I don't know one way or the other.
Also, to address @stephen_nutt's point , AFAIK their Hubitat hubs are still working with cloud access etc.
The early days of ST but slowly rolling down that same hill I see. 
Not what I've been informed of.
1 Like
Where was this disclosed? There is the ability to remotely collect logs.. but not so sure about being able to randomly pop shells on devices.. (and it’s certainly not the ssh protocol even if it is possible, that is simply not a network path that would exist)
As I understand it, the hub establishes a persistent network connection to the cloud, which is what is used for remote access. Why would it be impossible to tunnel ssh through this connection?
1 Like
There is a persistent tunnel connection from the hub back to the cloud services. It's very likely this is using SSH as the protocol for the tunnel connection. SSH is used for more than just "shell access".
1 Like
The persistent connection is a HTTPS/SSL session I would assume, it certainly isn’t impossible to tunnel ssh over a HTTP session, but I can’t imagine that is how someone would implement it. I would buy that the hub polls a Hubitat cloud api endpoint for “jobs” and then runs those jobs. But that’s a distinct difference from an interactive shell and certainly a SSH tunnel. A full on ssh tunnel implies other functionality like port forwarding.
Yeah I disagree with this that it’s “very likely” but I have no inside knowledge. A ssh tunnel over an SSL connection like the hub establishes just doesn’t sound like a plausible way that a product would phone home. I’ve never heard of any product that implements behavior like that, but I guess we can go back and forth all day discussing something we have absolutely no inside knowledge about...
one wouldn't use ssh over an ssl tunnel....
That’s exactly my point. I haven’t looked in a while, but I’m pretty sure the hub establishes a standard ssl session to the cloud. There’s certainly a remote possibility someone would be running ssh over that but I would doubt that is what is happening. Like I said, the architecture I would expect is a cloud based API that the hub checks in with where one of those APIs might be a list of jobs that the hub should run - such as log collection. But that’s just a complete guess (just like suggesting the company can login and remotely interact with our hubs via ssh...)
Not sure why I even waded into this thread, I should have known better...
Yeah... me too. I had said I was done so now I am.
2 Likes
Perhaps so someone could advise you to lookup "reverse ssh"?
1 Like
Yup - during the covid-shutdown, I've made heavy use of reverse ssh to access my desktop. I even run AFP over that to mount desktop drives at home.
1 Like
