Skip to content

Latest commit

 

History

History
154 lines (124 loc) · 3.82 KB

README.md

File metadata and controls

154 lines (124 loc) · 3.82 KB

rpi-remote-access

In order to get ssh access to a Raspberry Pi (e.g., through a 4G modem or if it is behind a firewall), the frp reverse proxy can be used.

For this purpose, a server with a public IP or DNS name will act as server (e.g., an AWS server in the free tier) that the Raspberry Pi will connect to.

Server (eg cloud VM)

Inbound ports that need to be open:

  • 22 - for general ssh access
  • 7000 - general inbound connections from clients
  • 6000 - for accepting ssh connections and forwarding them to the client (unique to each client)

Server requires DNS name or fixed IP address. DynDNS, like noip.com, works as well. See the DynDNS article for instructions.

For this example, we are assuming mydevice.ddns.net as the server DNS name.

Install frp:

  • Download appropriate release binary

    sudo bash
cd /opt
wget https://github.com/fatedier/frp/releases/download/v0.37.1/frp_0.37.1_linux_amd64.tar.gz
tar -xzf frp_0.37.1_linux_amd64.tar.gz
ln -s frp_0.37.1_linux_amd64 frp

  • Create /etc/frps.ini with the following content:

    [common]
bind_port = 7000

  • Create systemd service /etc/systemd/system/frps.service with the following content:

    [Unit]
Description=frp reverse proxy server
After=network.target

[Service]
User=ubuntu
Group=ubuntu
WorkingDirectory=/opt/frp
ExecStart=/opt/frp/frps -c /etc/frps.ini

[Install]
WantedBy=multi-user.target

  • Install systemd service

    sudo systemctl enable /etc/systemd/system/frps.service

  • Start service

    sudo systemctl start frps.service

Client (Raspberry Pi)

Inbound ports that need to be open:

  • 22 - for ssh access

Install frp:

  • Download appropriate release binary

    • 32-bit

      sudo bash
cd /opt
wget https://github.com/fatedier/frp/releases/download/v0.37.1/frp_0.37.1_linux_arm.tar.gz
tar -xzf frp_0.37.1_linux_arm.tar.gz
ln -s frp_0.37.1_linux_arm frp

    • 64-bit

      sudo bash
cd /opt
wget https://github.com/fatedier/frp/releases/download/v0.37.1/frp_0.37.1_linux_arm64.tar.gz
tar -xzf frp_0.37.1_linux_arm64.tar.gz
ln -s frp_0.37.1_linux_arm64 frp

  • Create /etc/frpc.ini with the following content:

    [common]
server_addr = mydevice.ddns.net
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000

  • Create systemd service /etc/systemd/system/frpc.service with the following content:

    [Unit]
Description=frp reverse proxy client
After=network.target

[Service]
User=pi
Group=pi
Restart=on-failure
RestartSec=15s
WorkingDirectory=/opt/frp
ExecStart=/opt/frp/frpc -c /etc/frpc.ini

[Install]
WantedBy=multi-user.target

  • Install systemd service

    sudo systemctl enable /etc/systemd/system/frpc.service

  • Start service

    sudo systemctl start frpc.service

Raspberry Pi access

Changing remote access to the Raspberry Pi to using ssh-keys only (as user pi):

  • On admin laptop create a ssh key in $HOME/.ssh: 
    ssh-keygen -f mydevice
  • Output the content of the public key (mydevice.pub) and paste it on the Raspberry Pi into /home/pi/.ssh/authorized_keys
  • On admin laptop, create the following entry in $HOME/.ssh/config: 
    Host mydevice
  User pi
  Hostname mydevice.ddns.net
  Port 6000
  IdentityFile ~/.ssh/mydevice
  • On Raspberry Pi, edit the /etc/ssh/sshd_config file and disable password authentication: 
    PasswordAuthentication no
  • Restart the ssh service on the Raspberry Pi 
    sudo systemctl restart ssh