Securely Connect to Your Raspberry Pi From Any Device, Anywhere in the World

Learn how to access your Raspberry Pi from anywhere using SSH tunneling and Ngrok. Keep your Pi safe with a secure connection and password management best practices. …


Updated October 8, 2023

Need help with your Raspberry Pi?
Contact Me!

Do you love silly Raspberry Pi Projects?
Check out my this YouTube Channel!


Learn how to access your Raspberry Pi from anywhere using SSH tunneling and Ngrok. Keep your Pi safe with a secure connection and password management best practices.

Access Your Raspberry Pi From Anywhere with SSH and Ngrok

Introduction

Raspberry Pi is a popular single-board computer that has gained immense popularity among hobbyists, students, and professionals alike for its versatility and affordability. One of the most common use cases for Raspberry Pi is to act as a server or a gateway in various projects, but accessing it remotely can be challenging if you’re not at home or don’t have a static IP address. In this article, we will show you how to access your Raspberry Pi from anywhere using SSH tunneling and Ngrok.

Preparation

Before we begin, make sure you have the following:

  • A Raspberry Pi with Raspbian (or any other Linux distribution) installed
  • An internet connection on both your local network and your Raspberry Pi
  • The IP address of your Raspberry Pi (you can find this by running hostname -I in the terminal)
  • Ngrok account (sign up for a free account at ngrok.com)

Step 1: Install and configure SSH server on Raspberry Pi

First, you need to install an SSH server on your Raspberry Pi. This will allow you to connect to it remotely from any device with an internet connection. Open a terminal window on your Raspberry Pi and run the following command:

sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get install openssh-server -y

Next, start the SSH server by running:

sudo systemctl enable ssh && sudo systemctl start ssh

Step 2: Configure port forwarding on your router

To access your Raspberry Pi from outside your local network, you need to configure port forwarding on your router. This will allow incoming connections to be directed to your Raspberry Pi. Here’s a general guide to configuring port forwarding:

  1. Log in to your router’s admin interface (usually by typing the router’s IP address into your web browser)
  2. Navigate to the “Port Forwarding” or “Virtual Server” section
  3. Add a new rule with the following settings:
    • Protocol: TCP
    • External port: 222 (the default SSH port)
    • Internal IP address: The IP address of your Raspberry Pi
    • Internal port: 22
  4. Save and apply the changes

Step 3: Set up an SSH tunnel with Ngrok

Now that you have configured port forwarding, it’s time to set up an SSH tunnel using Ngrok. Run the following command on your Raspberry Pi to install Ngrok:

sudo wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip && sudo unzip ngrok-stable-linux-arm.zip && sudo mv ngrok /usr/local/bin/

Create an Ngrok configuration file with your account’s authtoken:

sudo nano ~/.ngrok2/ngrok.yml

Add the following line to the file and replace your_authtoken with your Ngrok authtoken:

authtoken: your_authtoken

Save and exit the file by pressing Ctrl+X, Y, and Enter.

Finally, run the following command to start an SSH tunnel:

sudo ngrok tcp 22

Ngrok will output a public URL that you can use to connect to your Raspberry Pi from anywhere. Note that this URL will change every time you restart Ngrok.

Step 4: Connect to your Raspberry Pi remotely

To connect to your Raspberry Pi remotely, run the following command on your local machine or any other device with an internet connection:

ssh -p <remote_port> pi@<public_ngrok_url>

Replace <remote_port> with the port number displayed by Ngrok and <public_ngrok_url> with the public URL outputted in the previous step. When prompted, enter your Raspberry Pi’s username (usually “pi”) and password.

Best Practices for Secure Remote Access

  1. Change the default SSH port: The default SSH port (22) is a common target for hackers. Change it to a non-standard port to reduce the risk of unauthorized access. Edit the /etc/ssh/sshd_config file on your Raspberry Pi and change the Port setting to something random, then restart the SSH server.
  2. Use public key authentication: Public key authentication is more secure than password authentication because it doesn’t rely on a shared secret (password). Generate an SSH key pair on your local machine (ssh-keygen) and copy the public key to your Raspberry Pi (ssh-copy-id pi@<public_ngrok_url>). Disable password authentication in /etc/ssh/sshd_config by setting PasswordAuthentication no.
  3. Limit user access: Only allow specific users to access your Raspberry Pi remotely. Edit the /etc/ssh/sshd_config file and add the following line:
    AllowUsers <username1> <username2> ...
  4. Disable root login: It’s best practice not to allow direct root access over SSH. Set PermitRootLogin no in /etc/ssh/sshd_config. Instead, create a regular user with sudo privileges and use that account for remote access.
  5. Use a firewall: Install and configure a firewall on your Raspberry Pi (e.g., UFW or Fail2Ban) to block unauthorized attempts to access the SSH server.