Remote Access¶
Linux devices in the field typically sit behind NAT, firewalls, or cellular connections with no inbound ports open. You cannot SSH to them directly. Qbee's remote access solves this by establishing an encrypted tunnel between you and the device, initiated outbound by the agent over HTTPS (TCP port 443). No VPN, no open ports, no public IP address required.
How It Works¶
The agent maintains a persistent outbound connection to geographically distributed relay servers. When you open a session from your browser or a local client, the relay bridges your connection to the agent's tunnel. All traffic is TLS-encrypted with unique keys per device. You connect by device identity, not IP address, and the tunnel uses minimal bandwidth when idle.
The tunnel carries terminal sessions, port forwarding, and file transfers. Once connected, you can reach not only the device itself but other devices on its local network. Remote access events are recorded in the audit log. Console sessions in the web UI time out after 5 minutes of inactivity.
Remote access can be enabled or disabled through settings in the console, or turned off entirely on the agent side. For the full architecture, see Understanding Qbee.
What Next?¶
| I want to... | Go to |
|---|---|
| Enable remote access and grant it to users | Configure Remote Access |
| Restrict which users can do what on which devices | Permissions |
| Access a device through the browser | Web console |
| Install and use the desktop client | qbee-connect |
| Use the command-line client | qbee-cli |
| Forward ports to other devices on the network | SSH port forwarding |