Securely Access Your Raspberry Pi Remotely Using SSH

Learn how to set up remote access to your Raspberry Pi and connect securely from anywhere using the SSH protocol. …


Updated August 11, 2023

Need help with your Raspberry Pi?
Contact Me!

Do you love silly Raspberry Pi Projects?
Check out my this YouTube Channel!


Learn how to set up remote access to your Raspberry Pi and connect securely from anywhere using the SSH protocol.

SSH, or Secure Shell, is a cryptographic network protocol that allows users to securely log in to and control a remote computer over an unsecured network. In this article, we will show you how to set up your Raspberry Pi to allow remote SSH access from anywhere. By following these steps, you can work on your Pi from the comfort of your couch or while on the go, without having to be physically connected to it.

Prerequisites

Before starting, make sure you have the following:

  1. A Raspberry Pi with an internet connection (preferably a Raspberry Pi 3 or higher).
  2. An SD card with the latest version of Raspbian installed.
  3. A network cable to connect your Raspberry Pi to your router (if not already connected wirelessly).
  4. A stable internet connection on your local network.
  5. The IP address of your Raspberry Pi. You can find this by running hostname -I in the terminal.
  6. A computer or device with a web browser and access to the internet.

Step 1: Enable SSH on Your Raspberry Pi

By default, SSH is disabled on Raspbian. To enable it, open the terminal on your Pi and type:

sudo systemctl enable ssh

Next, start the SSH service by running:

sudo systemctl start ssh

Step 2: Set Up Port Forwarding on Your Router

To allow remote access to your Raspberry Pi, you need to set up port forwarding on your router. This will direct incoming connections from the internet to your Pi’s IP address. Here are general instructions for setting up port forwarding:

  1. Log in to your router’s admin panel by entering its IP address (e.g., http://192.168.0.1) into a web browser. The default username and password are often admin and admin, respectively.
  2. Navigate to the port forwarding settings page. This is typically found under “Advanced Settings” or “Applications & Gaming.”
  3. Create a new port forwarding rule with the following settings:
    • External (WAN) Port: 22 (the standard SSH port)
    • Internal (LAN) IP Address: Your Raspberry Pi’s local IP address (found by running hostname -I on your Pi)
    • Internal (LAN) Port: 22
  4. Save the settings and exit the router admin panel.

Step 3: Configure Your Raspberry Pi Firewall

To ensure that only authorized users can access your Pi remotely, you should configure its firewall to allow SSH connections. Run the following commands in the terminal on your Pi:

sudo apt-get update
sudo apt-get install ufw
sudo ufw allow ssh
sudo ufw enable

Step 4: Generate an SSH Key Pair

SSH keys provide a more secure way to authenticate users without relying on passwords. To generate a key pair, follow these steps:

  1. On your local computer, open the terminal and run ssh-keygen. Press Enter to accept all default options.
  2. When prompted for a passphrase, enter one or leave it blank for no passphrase.
  3. This will generate two files in the .ssh directory: id_rsa (your private key) and id_rsa.pub (your public key). Copy your public key to your Pi by running:
cat ~/.ssh/id_rsa.pub | ssh pi@<Your Raspberry Pi's IP address> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && cat >> ~/.ssh/authorized_keys"

Replace <Your Raspberry Pi's IP address> with the actual IP address. You will be prompted to enter your Pi’s password one last time. 4. Back on your Pi, edit the SSH configuration file by running sudo nano /etc/ssh/sshd_config. Set PasswordAuthentication to no, save and exit (Ctrl+X, Y, Enter). This will disable password authentication and only allow access through key pairs. 5. Restart the SSH service:

sudo systemctl restart ssh

Step 5: Connect to Your Raspberry Pi From Anywhere

Now you can connect to your Raspberry Pi from anywhere with an internet connection. Open a terminal on your local computer and run:

ssh pi@<Your Raspberry Pi's IP address> -p 22

Replace <Your Raspberry Pi's IP address> with the actual IP address. You will be prompted to enter your SSH key passphrase if you set one earlier. If everything is configured correctly, you should see the standard Raspbian terminal prompt:

pi@raspberrypi:~ $

From here, you can run commands on your Pi as if you were sitting in front of it. When you’re done, exit with exit or pressing Ctrl+D.

Conclusion

By following these steps, you have successfully set up remote access to your Raspberry Pi using SSH. Now you can work on your Pi from anywhere, as long as you have an internet connection and your router allows incoming traffic on port 22. Remember to keep your software updated and use a strong passphrase for additional security. Enjoy the convenience of working with your Raspberry Pi from wherever you are!