SSH-ing into the Raspberry Pi over the internet.

Sure, it’s easy to SSH into your Raspberry pi when you’re on the same network as the pi itself. You just do an nmap scan to map out the active IP addresses in your network, and you try them out one by one and eventually you’ll gain access. Once you gain access, you can set up your Pi to have a static IP so that you don’t have to bust your ass with nmap every time, and voila, you’re done. (To avoid nmap, one could also go to your router’s page and check all clients under the DHCP service. But this is only possible if you have access to the router.)

But what’s the fun in that?

Once you leave your network, you can’t access your Pi at all. So unless you’re a fat neckbeard spending your whole time in your mom’s basement, the above isn’t very exciting.

In order to get SSH access to my Pi from anywhere in the world, from what I could gather, these were the steps.

  1. Set up a static IP address for your Pi.
  2. Go to your router and forward a port. This is like punching a tiny hole in your firewall to allow any incoming connections from the internet (on the port you forwarded) to go through to the IP address in your home network.
  3. FInd out your network’s public IP
  4. SSH into your Pi!

The second step was the most irritating of all. I went to my routers page, and forwarded port 22 to my raspberry pi, and set up a static IP, and did everything else. But it just wouldn’t connect! I had no idea what to do.

I then searched for alternatives, and I found this amazing service called Weaved. Weaved is a service which basically cuts down all the irritating stuff you have to do in order to get your own connected Internet of Things. This was exactly what I wanted.

So I went ahead and made a Weaved account, and set up everything as shown here. It was very snappy and quick.

The next day I went to work, and opened up my Weaved page, and clicked on my devices which were online.

untitled1

After clicking on my device, I found this.

Untitled2

I just followed the instructions and there I was, controlling my Raspberry pi from work. Oh man the sweetness.

But life rarely is so easy. The next day I came to work and did the same thing, and I got the dreaded “connection closed by foreign host” error, after being frustrated for a while, I gave up.

The next day I came and it worked! I didn’t know how but it worked. It was as if the universe was playing a cruel joke on me. Anyways, this kept happening. For no apparent reason, I’d get an erraneous ssh_exchange_identification, and for no apparent reason again, everything would go to normal. I searched high and low for an explanation, but I couldn’t get anything partly because Weaved is a new product and not many people are using it yet. So there wasn’t that big a community I could reach out to.

But nonetheless, the people at Weaved were kind enough (or rather, the person running the Weaved twitter handle) to note my excessive wailings on twitter, so they reached out to me, apologized for the inconvenience I was facing, and offered to bump up my account to allow 2 hour connections (previously it was just 30 minutes, which was even more frustrating). I was so touched.

But soon I got very frustrated and searched again for an alternative. Then I found this answer on the raspberry pi stackexchange and found the keyword “ngrok.com”.

This was really the answer to all of my problems.

Ngrok is a tool which creates secure tunnels to your localhost. For ssh, I needed TCP tunnels. To install ngrok on the Pi, I just had to download the Linux/ARM zip file on the pi, and unzip it. That’s it. Now to open a secure TCP tunnel to the localhost on port 22, type in the following.

                ./ngrok tcp 22

Once you have a Tunnel Status = Online, you should see a hostname and port in the “Forwarding” section, which, for an example, looks like

       0.tcp.ngrok.io:510xx

Now this tunnel is forwarded to the localhost. So to ssh into your Raspberry pi over the internet, fire up PuTTY when you’re at work, and enter the hostname and port and the username “pi”, or type in

ssh pi@0.tcp.ngrok.io –p 510xx

and you should be through. This was even more beautiful! It is recommended to use ngrok with a terminal multiplexer such a screen or tmux. I personally used tmux.

A tmux session running a ngrok tcp tunnel to my localhost on prt 22.
A tmux session running a ngrok tcp tunnel to my localhost on p0rt 22.

That was that! For now I’m able to SSH into it pretty cleanly. I just hope this doesn’t die on me.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s