Cloud controlled secure Bluetooth pairing for network device management

What is claimed is: 1. A system, comprising: a hardware processor; and a non-transitory machine-readable storage medium encoded with instructions that, when executed by the hardware processor, cause the hardware processor to: send a Bluetooth pairing request to a network device that fails to connect to a network, wherein the network device responds to the Bluetooth pairing request by sending a challenge token, responsive to receiving the challenge token from the network device, send the challenge token to a server, wherein the server responds to the challenge token by sending a response token, wherein the response token comprises a secure Bluetooth pairing key, and responsive to receiving the response token from the server, establish a secure Bluetooth connection with the network device, comprising pairing with the network device using the secure pairing key. 2. The system of claim 1 , wherein the instructions, when executed by the hardware processor, further cause the hardware processor to: send a unique identifier to the network device, wherein the challenge token is generated by the network device based on the identifier; and send the unique identifier to the server, wherein the response token is generated by the server based on the identifier. 3. The system of claim 1 , wherein the instructions, when executed by the hardware processor, further cause the hardware processor to: connect the network device to the network using the secure Bluetooth connection. 4. The system of claim 1 , wherein the instructions, when executed by the hardware processor, further cause the hardware processor to: receive debugging data from the network device; and send the debugging data to the server. 5. The system of claim 1 , wherein the network device cannot connect to the network, the instructions, when executed by the hardware processor, further cause the hardware processor to: send the challenge token to a server over a mobile connection; and receive the challenge token from the server over the mobile connection. 6. The system of claim 1 , wherein the challenge token comprises an ephemeral public key. 7. The system of claim 6 , wherein the ephemeral public key is a Diffie-Hellman ephemeral public key. 8. The system of claim 1 , wherein receiving the challenge token comprises receiving, from the network device, a token representing a first public cryptographic key of a first cryptographic key pair generated by the network device in response to the Bluetooth pairing request, and the first cryptographic key pair comprises a first private cryptographic key corresponding to the first public cryptographic key. 9. The system of claim 8 , wherein: the network device generates a shared secret based on a second public cryptographic key of a second cryptographic key pair and the first private cryptographic key; the second cryptographic key pair comprises a second private cryptographic key corresponding to the second public cryptographic key; the server generates the shared secret based on the second private cryptographic and the token representing the first public cryptographic key; and the server generates the secure pairing key based on the shared secret. 10. A non-transitory machine-readable storage medium encoded with instructions executable by a hardware processor of a computing component, the machine-readable storage medium comprising instructions to cause the hardware processor to perform a method for a mobile device, the method comprising: sending a Bluetooth pairing request to a network device that cannot connect to a network, wherein the network device responds to the Bluetooth pairing request by sending a challenge token; responsive to receiving the challenge token from the network device, sending the challenge token to a server, wherein the server responds to the challenge token by sending a response token, wherein the response token comprises a secure Bluetooth pairing key; and responsive to receiving the response token from the server, establishing a secure Bluetooth connection with the network device, comprising pairing with the network device using the secure pairing key. 11. The medium of claim 10 , the method further comprising: sending a unique identifier to the network device, wherein the challenge token is generated by the network device based on the identifier; and sending the unique identifier to the server, wherein the response token is generated by the server based on the identifier. 12. The medium of claim 10 , the method further comprising: connecting the network device to the network using the secure Bluetooth connection. 13. The medium of claim 10 , the method further comprising: receiving debugging data from the network device; and sending the debugging data to the server. 14. The medium of claim 10 , wherein the network device cannot connect to the network, the method further comprising: sending the challenge token to a server over a mobile connection; and receiving the challenge token from the server over the mobile connection. 15. The medium of claim 10 , wherein the challenge token comprises an ephemeral public key. 16. The medium of claim 15 , wherein the ephemeral public key is a Diffie-Hellman ephemeral public key. 17. A method for a mobile device, the method comprising: sending a Bluetooth pairing request to a network device that cannot connect to a network, wherein the network device responds to the Bluetooth pairing request by sending a challenge token; responsive to receiving the challenge token from the network device, sending the challenge token to a server, wherein the server responds to the challenge token by sending a response token, wherein the response token comprises a secure Bluetooth pairing key; and responsive to receiving the response token from the server, establishing a secure Bluetooth connection with the network device, comprising pairing with the network device using the secure pairing key. 18. The method of claim 17 , further comprising: sending a unique identifier to the network device, wherein the challenge token is generated by the network device based on the identifier; and sending the unique identifier to the server, wherein the response token is generated by the server based on the identifier. 19. The method of claim 17 , further comprising: connecting the network device to the network using the secure Bluetooth connection. 20. The method of claim 17 , further comprising: receiving debugging data from the network device; and sending the debugging data to the server. 21. The method of claim 17 , wherein the network device cannot connect to the network, further comprising: sending the challenge token to a server over a mobile connection; and receiving the challenge token from the server over the mobile connection. 22. The method of claim 17 , wherein the challenge token comprises an ephemeral public key.