AWS Robotics Blog

Running an SSH server on AWS RoboMaker


AWS RoboMaker is a fully managed service that enables Robotics developers to build, run, scale, and automate simulations without managing any infrastructure. During the development cycle, roboticists frequently need to perform a deeper inspection of what is going on within the running container. Though CloudWatch offers important metrics and logs related to simulation jobs, you still need to rely on traditional methods to login to the running container and inspect the real-time status of running processes (ROS nodes), messages and application logs. In this tutorial, you will learn the steps needed to configure SSH login to a running container on a AWS RoboMaker simulation job. SSH will provide remote shell access into a running container, which can be beneficial to inspect and troubleshoot logs and configurations. This tutorial will go over how to install and run OpenSSH on AWS RoboMaker. You will configure the required security groups and network parameter settings to enable SSH login to the container. 


A basic understanding of Docker is required, as this tutorial involves building a Docker image in an Ubuntu 20.04 environment. You need an AWS account with the necessary AWS IAM permissions to create an AWS Cloud9 development environment, create and push a container to an Amazon Elastic Container Registry, create an AWS RoboMaker simulation application, and run an AWS RoboMaker simulation job. Finally, this tutorial can incur costs, so follow the clean step at the end of the tutorial to avoid any surcharges.

Solution Overview

In this tutorial, you will create resources in your AWS account using a command line API. You can set up a development environment with the AWS CLI installed or create an AWS Cloud9 environment. We will use the following process to demonstrate this solution:

  1. Generate an SSH Key Pair on Cloud9.
  2. Build a Docker image with OpenSSH.
  3. Push the Docker image to the Elastic Container Registry (ECR).
  4. Configure and run a simulation job in AWS RoboMaker.
  5. SSH into the Docker container.

Generate an SSH Key Pair on Cloud9

  1. Use these steps to setup the Cloud9 environment.
  2. Connect to the Cloud9 environment. Run the following command to create a new folder robomaker-sshdemo.
    mkdir robomaker-sshdemo
  3. Run the following command in the Cloud9 terminal to generate an SSH key.
    ssh-keygen -t rsa -b 4096
  4. Follow the instructions on the command prompt and enter the complete location of the key file. For this tutorial, we will enter the directory location of robomaker-sshdemo created earlier.
Figure 1: Create SSH public and private key

Figure 1: Create SSH public and private key

Once the public and private keys are generated, we will use the public key during OpenSSH deployment in the container. The private key must be kept securely on your machine and used to provide SSH access.

Build docker image with OpenSSH

  1. Create a Dockerfile inside the robomaker-sshdemo directory and add the following content.
    #SSH access to the running container on AWS RoboMaker
    FROM osrf/ros:humble-desktop-full
    RUN apt update && apt install -y openssh-server xterm vim sudo
    RUN groupadd sshgroup && useradd -ms /bin/bash -g sshgroup sshuser && usermod -aG sudo sshuser
    RUN mkdir -p /home/sshuser/.ssh
    COPY /home/sshuser/.ssh/authorized_keys
    RUN chown sshuser:sshgroup /home/sshuser/.ssh/authorized_keys && chmod 600 /home/sshuser/.ssh/authorized_keys
    RUN sed -i 's/#Port 22/Port 1122/' /etc/ssh/sshd_config
    ENTRYPOINT ["/bin/bash", "-c"]
    Figure 2: Create Dockerfile

    Figure 2: Create Dockerfile

  2. Run the Docker build command to build the image.
    sudo docker build -t sshdemo:latest .

Once the Docker image is created, proceed with the next step.

Push Docker image to Elastic Container Registry (ECR)

In this step, we create an ECR repository to store Docker image.

  1. Run the following command to create an ECR repository on your AWS account.
    aws ecr create-repository --repository-name sshdemo
  2. Go to the ECR console inside your AWS account and search for the sshdemo repository. Choose View push command.
    Figure 3: Create and access the ECR repository

    Figure 3: Create and access the ECR repository

  3. Copy and run the first command to retrieve an authentication token and authenticate your Docker client to your registry.
    Figure 4: Commands to push Docker image to the ECR repository

    Figure 4: Commands to push Docker image to the ECR repository

  4. Copy and run the third command to tag the Docker image so you can push the image to this repository.
  5. Copy and run the fourth command to push this image to your newly created AWS repository.
    Figure 5: Push Docker image to the ECR repository

    Figure 5: Push Docker image to the ECR repository

This will take less than 5 minutes to push the Docker image to your ECR repository. You can review the most recent image in the sshdemo repository. Once completed, proceed to the next step.

Configure and run simulation job on AWS Robomaker

In this step, you will create a AWS RoboMaker simulation job with the sshdemo Docker image.

  1. Navigate to the AWS RoboMaker service. On the left navigation, select Simulation applications under the Development menu. Choose Create simulation application.
  2. Enter sshdemo in the Name field.
  3. Choose Browse ECR. For Amazon ECR repository, choose sshdemo.
  4. Choose Create.
    Figure 6: Create simulation application using Docker image

    Figure 6: Create simulation application using Docker image

  5. From the left navigation menu, select Simulation jobs and choose Create simulation job.
  6. For the IAM role, choose Create new role and enter the new IAM role name as sshdemo.
  7. For VPC under Networking, choose the default VPC.
  8. For Security groups, choose the default security group. The Dockerfile uses 1122 to run an SSH server. Ensure port 1122 is open for inbound communication for the default security group. For more details on how to add rules to a security group, follow the link.
  9. For Subnets, choose any two subnets.
  10. Set Assigned public IP to Yes and choose Next.
  11. Under Specify robot application, choose None under Choose method and choose Next.
  12. Under Specify simulation application, select existing applications under Choose method. For Simulation application, choose sshdemo.
  13. Under Launch command enter the following command.
    source /opt/ros/humble/setup.bash && ros2 run demo_nodes_cpp talker
  14. Expand the Simulation application tools section and choose Customize tools. Choose Add tool and input the indicated information for the following fields:
    1. Tool name: Exploratory-xterm
    2. Command: /usr/bin/xterm -geometry 120x40
    3. Choose Restart from the Exit behavior drop-down
    4. Choose Enable UI Streaming for Output settings
    5. Make sure the Send output to Amazon CloudWatch checkbox is chosen
    6. Choose Add tool   
  15. Under Simulation application connectivity enter the following details.
    1. Simulation job port: 1122
    2. Application port: 1122
    3. Port type: Public
  16. Choose Next and choose Create to create the simulation job.

This will take around 5 minutes to create the simulation job. Please move forward to the next step once the job is in the RUNNING state.

SSH into the docker container

In this step, you will SSH to the container running on the AWS Robomaker.

  1. Go to the Simulation application tools, choose Connect under the Exploratory-xterm tool, and execute the following command to start the SSH server.
    source /opt/ros/humble/setup.bash
    ros2 topic list
    service ssh restart
  2. Reset the password for sshuser.
    passwd sshuser
  3. Go to the running simulation job and copy Public IP address under the Networking section.
  4. Open the local terminal and navigate to the private key location.
  5. Run the following command to ssh into the container.
    ssh -i id_rsa sshuser@<<Public IP>> -p 1122
  6. Elevate the privilege and run the following commands in the SSH terminal to return a list of all the topics.
    sudo -i
    source /opt/ros/humble/setup.bash
    ros2 topic list
  7. Run the following command to see the data being published on a topic.
    ros2 topic echo /chatter

Congratulations! You can SSH into the container running on AWS Robomaker. You can run the top command to see running processes and navigate the directories to explore logs and configuration as well as perform many other useful diagnostics and actions.


When you’ve completed the tutorial, remove any resources you created to avoid incurring additional charges.

  1. To cancel simulation jobs, choose the simulation job ID and choose Cancel from the Action drop down.
  2. Delete the robot and simulation applications.
  3. Delete the IAM role created in step 1 of this tutorial.
  4. Delete the container image and ECR repository.
  5. Delete the Cloud9 Environment.


In this tutorial, you learned how to run an SSH server using AWS RoboMaker. This solution can help Robotics developers troubleshoot running applications in real-time and decrease the cycle time for model development. You can learn more about AWS RoboMaker in this developer guide. To find out more about how AWS (or our partners) can help you, please contact your representative.

Abhishek Srivastav

Abhishek Srivastav

Abhishek Srivastav is a Senior Solutions Architect at AWS. He is passionate about enabling customers to accelerate their cloud adoption. He is an IoT enthusiast and holds deep expertise in NoSQL databases, analytics, and AI/ML technologies. He is passionate about finding answers to complex problems by drawing on his in-depth understanding of these technologies. He has held lead positions for NoSQL Center of Excellence roles at various enterprise customers prior to joining AWS

Shaun Kirby

Shaun Kirby

Shaun Kirby is a Principal Enterprise Architect at AWS, specializing in the Internet of Things (IoT) and Robotics for the Automotive and Manufacturing industries. He helps customers excel with cloud technologies, diving deep into their challenges and opportunities to pioneer game changing solutions. Prior to AWS he led rapid prototyping and an IoT showcase at Cisco and has roots in large scale systems integration.