alex_willson85 wrote:
Thu Jul 18, 2019 3:20 pm
Looks like there is no platform that has software update ability + remote SSH feature in one place...
Depends on what you run on your platform, and on the level of control you have over the network (incl. firewalls and NAT).
Also, SSH (or VPN) access is not always desirable. Imagine I place machines within your network at home. I have SSH access to "my" machines. I have no control over your network, of course.
Suddenly there is an attack and your home network is compromised, including "my" machines. Did the attacker come in via your router, or from mine, then through SSH/VPN?
OTA agents "call home" and, besides that, the machines accept few incoming connections. They only execute verified, signed... payloads. Same scenario now: your network was attacked, "my" machines compromised. But I can prove the original OS and OTA packages the machines installed since were clean. So, the attackers had to come in from your router.