To facilitate remote tech support, we need a server some place safe, like this one. We also need to give the Raspberry Pi a username and password so it can log in (this article was used as a guide).
But why would we want to do this? I am looking to deploy a Raspberry Pi at my parents’ house as a bird box camera; however, this requires getting into it backwards via their Virgin Super Hub. To do that I would need: 1. port forwarding, 2. to know the IP address, and 3. to have only one R-Pi in the system. In short, it would be difficult. The advantage of remote access is that if I update the code, I can log into the R-Pi remotely in order to deploy it.
- On my server we create a new user:
sudo adduser -p Pass User
We create a new user that we will use for nothing else, so we can revoke access if we lose the Pi.
- Assuming the Pi is already set up (if not, have a look here, here and perhaps here), SSH into it to create an SSH key pair:
cd ~/
mkdir .ssh
cd .ssh
ssh-keygen -t rsa
Choose no passphrase when asked and accept the default filename of id_rsa.
- Now it's time to move the public key to the server:
scp id_rsa.pub <user>@<yourhost>:.ssh/newkey
(will require your password)
- While we could use the same key file for all Raspberry Pis, it makes more sense to have one key per device (this makes it easier to revoke). SSH into the server as the user, and then:
cat .ssh/newkey >> .ssh/authorized_keys
- Creating the reverse SSH tunnel.
Sneaking back onto the Pi we now type:
ssh -N -R 1337:localhost:22 <user>@<host>
where 1337 is a port that you want to use (one port per R-Pi).
- Once that is up and running, log into the server as any other user, and run the command:
ssh -l pi -p 1337 localhost
You will now be logged into the Raspberry Pi sat next to you via your server, wherever that may be. (May be wise to change the Raspberry Pi password!).
- Now that we are happy it's all working, we can make it persistent (always on). We create a file called “CreateSSHTunnel.sh” on the Raspberry Pi with the following:
#!/bin/bash
# Open the reverse tunnel: port 1337 on the server forwards to port 22 on this Pi.
createTunnel() {
    ssh -N -R 1337:localhost:22 <user>@<host>
    rc=$?   # save ssh's exit code before the test below overwrites $?
    if [[ $rc -eq 0 ]]; then
        echo Tunnel to jumpbox created successfully
    else
        echo An error occurred creating a tunnel to jumpbox. RC was $rc
    fi
}
# Only start a tunnel if no ssh process is already running.
/bin/pidof ssh
if [[ $? -ne 0 ]]; then
    echo Creating new tunnel connection
    createTunnel
fi
and then make it executable:
chmod +x CreateSSHTunnel.sh
- To automate it, we need to add it to the crontab:
crontab -e
We will make it check every minute whether the tunnel is up and, if not, attempt to bring it up. We will also send the output, including errors, to a log file (tunnel.log) so we can keep an eye on things. Append the following to the bottom:
*/1 * * * * ~/CreateSSHTunnel.sh >> ~/tunnel.log 2>&1
Now, whenever I want to log into the remote Pi, wherever it is, I just SSH into my server and type
ssh -l pi -p 1337 localhost
It will then prompt me for my password. (I could set up more SSH keys to avoid this password requirement when automating via SSH, SCP or RSYNC, but at the moment I don’t need to.)
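The steps above give each Pi its own passphrase-less key on a dedicated server account so that a lost Pi can be revoked; the authorized_keys entry can also be limited so that key is only able to open its own reverse port. The script below is an added example, not part of the original post: the helper names add_device_key and revoke_device_port are hypothetical, the key in the demo is constructed, and it assumes an OpenSSH server recent enough to support the restrict and permitlisten key options.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the server as the tunnel user.

# add_device_key FILE PORT PUBKEY_FILE
# Appends the Pi's key with options that deny shells, PTYs and agent/X11
# forwarding, and allow only a reverse listener on localhost:PORT.
add_device_key() {
    file=$1 port=$2 pub=$3
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;; esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 2
    fi
    # Exactly one line that starts with a key type, so no options are smuggled in.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key" >&2; return 2; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare public key" >&2; return 2 ;;
    esac
    # One port per Pi: refuse a port that already has a key bound to it.
    if [ -f "$file" ] && grep -q "permitlisten=\"localhost:$port\"" "$file"; then
        echo "port $port already assigned" >&2; return 1
    fi
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$port" "$key" >> "$file"
    chmod 600 "$file"
}

# revoke_device_port FILE PORT
# Deletes the key bound to PORT, e.g. when that Pi is lost.
revoke_device_port() {
    file=$1 port=$2
    tmp=$(mktemp) || return 1
    grep -v "permitlisten=\"localhost:$port\"" "$file" > "$tmp" || [ $? -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Demo with a constructed (fake) key: ./keys.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    echo "ssh-rsa AAAAB3NzaCONSTRUCTED pi@birdbox" > "$d/newkey"
    add_device_key "$d/authorized_keys" 1337 "$d/newkey" && cat "$d/authorized_keys"
    revoke_device_port "$d/authorized_keys" 1337 && wc -l < "$d/authorized_keys"
    rm -rf "$d"
fi
```

With an entry like this, the ssh -N -R 1337:localhost:22 command on the Pi still works, but the same key cannot be used to get a shell on the server or to listen on another Pi's port.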
5 thoughts on “Remote Tech Support tool and Bird Boxes”
A very nice solution.
Is there a Windows solution though?
I do not have a Linux server. PuTTY is an SSH client that runs under Windows, which I think is not suitable for this purpose.
Any tips?
There is a free Windows SSH server in Bitvise’s Windows SSH server – http://www.bitvise.com/ssh-server.
Another option would be to get an additional Raspberry Pi to replace where I used a server, forward port 22 through your firewall to the R-Pi, and get a Dynamic DNS service (see http://lifehacker.com/the-best-free-alternatives-to-dyndns-1561556205) to resolve a domain name to your IP address. This you can use to set up all your other devices against.
Set up another Raspberry Pi at your house as a VPN server, then the Raspberry Pi at your parents’ or anywhere else in the world as a VPN client. You should then be able to address the webcam on your local network with the Pi’s hostname.
The webcam publishes the photos via FTP or SCP to a web server.
Setting up a VPN is a lot more hassle than it is worth, given that I have no home network to talk about.
I have now put my server’s public key onto the Raspberry Pi so I have password-less login in both directions.