Securely Access Your Raspberry Pi Remotely with SSH
Learn how to connect to your Raspberry Pi remotely using SSH and secure your setup. …
Updated September 7, 2023
Need help with your Raspberry Pi?
Contact Me!
Do you love silly Raspberry Pi Projects?
Check out my this YouTube Channel!
Learn how to connect to your Raspberry Pi remotely using SSH and secure your setup.
In this article, we’ll discuss how to SSH into a Raspberry Pi over the internet. We’ll cover the basics of SSH and then walk through setting up port forwarding on your router to enable remote access. Finally, we’ll look at securing your setup with key-based authentication.
What is SSH?
SSH stands for Secure Shell, which is a protocol used to securely connect to another computer over the internet. With SSH, you can execute commands on your Raspberry Pi as if you were sitting in front of it, even if it’s located somewhere else in the world. This is useful when you want to run scripts or applications that require constant uptime, or for remote monitoring and management.
Setting up SSH
SSH comes pre-installed on most modern Linux distributions, including Raspbian (the default OS for Raspberry Pi). To enable it on your Raspberry Pi, open the terminal and type:
sudo systemctl enable ssh
sudo systemctl start ssh
This will enable and start the SSH service. If you haven’t set up a static IP address for your Raspberry Pi yet, now is a good time to do it. This will make it easier to connect later on.
Port forwarding on your router
To access your Raspberry Pi over the internet, you need to forward a port on your router to the Pi’s IP address. This tells your router that incoming traffic on a specific port should be directed to your Pi.
- Log in to your router’s admin interface by opening a web browser and typing in its IP address (e.g.,
http://192.168.0.1). The default username and password are oftenadminandadmin, but this may vary depending on your router model. - Look for the section on port forwarding or virtual servers. This is where you’ll create a new rule to forward traffic from an external port (e.g., 22222) to your Raspberry Pi’s IP address and SSH port (usually 22).
- Add a new rule with the following settings:
- External Port: 22222 (or any other unused port number)
- Internal Port: 22
- IP Address: Your Raspberry Pi’s static IP address
- Save and apply your changes to the router configuration.
Now you can connect to your Raspberry Pi over the internet using a command like ssh pi@your-public-ip -p 22222. Replace your-public-ip with your router’s public IP address, and enter your Raspberry Pi username (usually pi) and password when prompted.
Key-based authentication
To secure your SSH connection even further, we can use key-based authentication instead of a password. This involves generating an SSH key pair on your local machine and copying the public key to your Raspberry Pi. Here’s how:
- Generate a new SSH key pair by running
ssh-keygenin your terminal. You’ll be prompted to enter a file path and passphrase (optional). - Copy the contents of the public key to your Raspberry Pi. Run
cat ~/.ssh/id_rsa.pubon your local machine, then copy the output and append it to~/.ssh/authorized_keyson your Raspberry Pi usingnanoor another text editor. - Back on your router configuration page, disable password authentication for SSH by adding
PasswordAuthentication noto/etc/ssh/sshd_config. Save the changes and restart the SSH service withsudo systemctl restart ssh.
Now you can connect to your Raspberry Pi using ssh pi@your-public-ip -p 22222 -i ~/.ssh/id_rsa without entering a password. This is much more secure than using a password, especially if you’re connecting from an untrusted network.
Remember to update your Raspberry Pi regularly and keep your SSH software up-to-date for the best security practices. Now you can access your Raspberry Pi over the internet with confidence!