Remote Operation

Operate your Raspberry Pi from a remote location

Raspberry Pi remote-desktop-conection

Telnet

Enabling Telnet
Installing Telnet Server and Client on Raspberry Pi

sudo apt-get install telnetd
sudo /etc/init.d/openbsd-inetd restart
sudo apt-get install telnet


Now you can telnet into your Raspberry Pi and also telnet from your Raspberry Pi

Remote Desktop Connection
to the Raspberry Pi

If you need to reach the Pi via graphical user interface, the easiest way is the following:

If you are running Windows on a PC, install xrdp on your Pi (apt-get install xrdp) and use Window's remote desktop.

http://windows.microsoft.com/en-us/windows-vista/connect-to-another-computer-using-remote-desktop-connection

Please note it may not work over the internet, as the firewalls can block the RDP port, but it works perfectly over LAN, in your home network.


Remote Desktop into the Raspberry Pi Using VNC
Needed:
- linux home server / linux home PC
- Raspberry Pi - wheezy linux

SSH is great if you want to remotely access the RPi from the command line. The Raspbian OS also comes with a Desktop GUI environment called LXDE. If can access the LXDE desktop over HDMI by typing “startx” in the command line window. This will not work over SSH. Luckily we can still remotely access the LXDE Desktop from the Linux PC, using the VNC protocol.

- First we need to install the VNC server software on the the RPi. To do this, SSH into the Raspberry Pi and type “sudo apt-get install tightvncserver“. This will install the VNC server software on the RPi. Then type “tightvncserver” to configure the VNC server for the first time. You will then be asked to enter a password (8 characters only) & confirm it. I used “raspberr”. You will then be prompted to enter an optional “view only password”. This is not needed and you can choose to not set one by saying no. the next step is to type the following into the RPi SSH session to start the VNC server: “vncserver :1 “. This starts a VNC server on display number 1 with a resolution of 1280 by 720 and a color depth of 24. At this point the VNC server should be running on the Raspberry Pi.

- Now open another console window on your Linux PC and install a VNC viewer (client) on the Linux PC with the command: “sudo apt-get install xtightvncviewer “. Then in the same console window (Linux PC) type “xtightvncviewer &“. The ampersand allows us the run the application in the background.

- This will open the VNC viewer on our Linux PC. Type in the VNC server address that you want to connect to i.e. the RPi IP address & display number “10.42.0.73:1″. You will then be prompted to enter your VNC password. Type that in and press enter.

- You now have full control over your Raspberry Pi via both the command line with SSH and the desktop environment over VNC.

Raspberry Pi remote-desktop-conection

Reverse Remote Ssh Tunnel

The problem is that if I connect my Raspberry Pi to the Internet somewhere in the world and leave it there, later I need to have remote connectivity to it. I know my home server`s IP but I don’t know the Pi’s IP when for eg NAT is in use, for example using mobile internet for feeding the Raspberry Pi with Internet. Usually most of the incoming ports are blocked by the mobile internet operators, but the outgoing ports are usually open, so we are initiating a tunnel from the Raspberry Pi that opens the door to us to reach the Pi remotely.

Solution:
I can configure the Raspberry Pi to "call home" by creating a tunnel, on which tunnel I can reach the Raspberry Pi from my remote server.
Here is the configuration:

Pre-configuration
Before beginning you need to have the following:
- Raspberry Pi with a Wheezy linux on it
- Raspberry Pi is configured to receive a DHCP address
- Raspberry Pi is configured to receive/create ssh connections
- A separate home linux server (Ubuntu is recommended) that is reachable by ssh from the internet

It should be easy enough to figure out how to complete these on your own. With the above, you should be able ssh to the Pi remotely if you know its IP. Well you don’t know its IP and even if you did it is probably behind a firewall which makes it impossible to get to. Or so you think.
What you’ll need is your home linux server that having a dynamic domain name or static IP address. The Raspberry will ssh into it from anywhere in the world. Suppose it’s IP is 25.25.25.25.
Initially all I’ve done is made a port forwarded on port 22 through the firewall of my home router to towards my linux home server to make this work.

Setting up the ssh certificate on the Pi
From the Raspberry Pi you should be able to ssh to this linux server. Test it to be sure. So now you want to set it up so the authentication is certificate based (this way the Pi can be set up to auto ssh into the server without being prompted for a password). From the Pi do the following to create a certificate based authentication.

cd ~/.ssh
ssh-keygen -t rsa

Choose no passphrase when asked and accept the default filename of id_rsa
scp id_rsa.pub <user>@<yourhomeserver>:.ssh/authorized_keys
Provide your password when asked and thats the last time you’ll have to do it!

Creating the Reverse SSH tunnel
Now comes the fun part. Create a reverse remote ssh tunnel to that host to forward connections back to the Pi. Confused? Here look at this command you would issue from the Pi:

ssh -f -N -R 2222:localhost:22 serverUser@25.25.25.25

The Pi is ssh’ing to the server at 25.25.25.25 using the username “serverUser”. Upon doing so, it’s telling that server to open port 2222. Any connections coming into the server on port 2222 forward them over the tunnel back to the Pi on port 22. The -N tag is saying we don’t need to actually send any ssh commands once connected.

Once the Pi sets up that remote tunnel; from the server you can reach the Raspberry Pi, by doing this:

ssh -l piUser -p 2222 localhost

Now you should be ssh’d into the Pi using port 2222 on the linux server! Awesome!
Why did this work? The linux home server is listening on port 2222 for incoming ssh connections. If it receives one, it will forward all traffic it receives into the previous ssh connection that was established already. That is essentially what the remote tunnel does.

Please note, this SSH tunnel will not last forever, usually if you don't use it, it disconnects in about 20-30 min.
But you can make a script that triggers to build up a new SSH tunnel when it disappears, or another script for example every day after a restart it will make a tunnel at a specific time, so you can gain access to the Raspberry Pi.



Important:
On the server normally there are no other ports than 22 in the LISTEN list, but once the raspy initiate the tunnel it will add port 2222 which is used to call the Raspberry Pi from the server

zsolt@server:~$ ps -A | grep sshd
558 ? 00:00:00 sshd
1611 ? 00:00:00 sshd
1691 ? 00:00:00 sshd
zsolt@server:~$ sudo ss -lnp | grep sshd
[sudo] password for zsolt:
LISTEN 0 128 :::22 :::* users:(("sshd",558,4))
LISTEN 0 128 *:22 *:* users:(("sshd",558,3))
zsolt@server:~$ ssh -p 2222 pi@localhost

pi@localhost's password:
Linux raspberrypi 3.6.11+ #474 PREEMPT Thu Jun 13 17:14:42 BST 2013 armv6l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Aug 24 20:53:36 2013 from localhost
pi@raspberrypi ~ $ exit
logout
Connection to localhost closed.

zsolt@server:~$ sudo ss -lnp | grep sshd
LISTEN 0 128 :::22 :::* users:(("sshd",558,4))
LISTEN 0 128 *:22 *:* users:(("sshd",558,3))
LISTEN 0 128 127.0.0.1:2222 *:* users:(("sshd",2008,10))
LISTEN 0 128 ::1:2222 :::* users:(("sshd",2008,9))
zsolt@server:~$


When you log out from the Raspberry Pi, the port 2222 still in use, so if you have trouble to reach the Pi, you have to release the port on the server by executing:

sudo killall sshd

after this the Raspberry Pi can freely initiate a new connection for port 2222.

Most of the linux servers are breaking the SSH / tunnel connection if there is no communication on it.
If you want to keep your tunnel alive, you have to add the followings into your ssh_config file in your Raspberry Pi.

sudo nano /etc/ssh/ssh_config

and paste these two lines into it.

ServerAliveCountMax 20
ServerAliveInterval 20


________________________________________________________________________

Making the Remote Reverse SSH Tunnel persistent (always on)

Next is to make this a persistent thing. You want the Pi to keep trying to build this ssh tunnel always and if it goes down try to bring it back. We’ll do this using a bash script and cron job.
Create a file on the Pi called ~/create_ssh_tunnel.sh and put this in it:

#!/bin/bash
createTunnel() {
/usr/bin/ssh -f -N -R 2222:localhost:22 serverUser@25.25.25.25
if [[ $? -eq 0 ]]; then
echo Tunnel to jumpbox created successfully
else
echo An error occurred creating a tunnel to jumpbox. RC was $?
fi
}
/bin/pidof ssh
if [[ $? -ne 0 ]]; then
echo Creating new tunnel connection
createTunnel
fi

What this program is doing is checking to see if there’s a process running called ‘ssh’. If there isn’t then start the ssh tunnel.
Next make it executable by doing the following:
chmod 700 ~/create_ssh_tunnel.sh
Now start the crontab.

crontab -e

Place this in as your cron job (every minute check if the ssh connection is up, if not, attempt to bring it up)

*/1 * * * * ~/create_ssh_tunnel.sh > tunnel.log 2>&1

To troubleshoot any problems in this you can view the tunnel.log file.
When the Raspberri Pi is on, it will check every minute to see if an ssh connection to your linux server exists. If it doesn’t it will create one. The tunnel it creates is really a reverse remote tunnel. Once the tunnel is up, anyone who ssh’s into port 2222 of the linux server will then be redirected to the Pi. Incredible!

Terminal

mit JuiceSSH

Admin