Hello,
I am working on a product that uses the Jetson AGX Orin module. Currently, our customers connect to the device via SSH, which gives them full access to the system shell. While this simplifies troubleshooting and interaction, it also raises a significant security risk—customers can potentially execute unintended or harmful commands on the device, including moving or deleting files.
At the same time, I need to retain the flexibility for developers to intervene remotely when required (e.g., debugging, system updates, or troubleshooting).
I’m looking for best practices and guidance to set up a secure, maintainable access architecture where:
- Customer access is tightly restricted—limited to only necessary directories, commands, or utilities; ideally with read-only or sandboxed capabilities, preventing destructive actions like deleting or moving files.
- Developer access remains privileged—able to perform necessary maintenance, updates, debugging, or configuration changes.
- Authentication methods are secure—e.g., SSH key-only access, role-based access control (RBAC), or leveraging DRIVE OS security profiles.
- Access logging and auditing are in place—for transparency and forensic capability.
- Ideally, profiles would be persistent across re-flashes, or part of the system setup flow (e.g., via the first-boot
oem-configor Secure Login options)
If anyone has experience with implementing such a secure access model on Jetson (AGX Orin or similar), or can point me to relevant documentation, example configurations, or forum threads about role-based SSH, key-management strategies, or related security practices—your help would be much appreciated.
Thank you in advance for your advice!