Creating a SSH Tunnel for mavlink communications

SSH Tunnel

Good practice suggests that we should secure and encrypt the mavlink (APM Planner) connection from the GCS to the RPi. This can be easily accomplished without any additional code and is built into SSH.

Be aware that this is a TCP connection, so if you loose connection between the GCS and RPi, you will have to re-connect the APM Planner to establish the session.


Here is a simple way to secure communications.

I execute the APM binary on the RPi with the follwing command:

sudo ArduCopter-quad -A tcp: -C /dev/ttyAMA0

This will setup a mavlink TCP connection listening on localhost (the localhost of the Rpi) on port 9999


The next step is to SSH using your favorite SSH program that has port forwarding capabilities, I use SecureCRT but I also believe Putty supports port forwarding.

You should configure your SSH program to port forward from to the remote address

Make the SSH connection to your RPi (you will have to know the IP address of your RPi) using the configured SSH connection above and leave the SSH window open (this is your SSH Tunnel, DO NOT close this connection or you will close your tunneled connection)


Fire up APM Mission Planner and create a TCP connection with the IP address: with port: 9999 as shown below.


Connect and you should now have a SSH secure tunnel to your RPi with mavlink and APM Planner running through the tunnel.


Hope this helps some people out who want to secure their communications to their RPi. I use this method quite a lot for maintenance of production servers. The method described above only exposes the SSH port (usually port 22) to the outside world and only allow authorized users to connect to local services provided by the linux server/RPi.