PiTunnel offers a built-in Remote Terminal for easy access without the need for SSH setup. However, in certain scenarios, it may be necessary to connect manually using your own client or to use a service that relies on SSH for authentication (for example, SFTP).
This article explains the use of PiTunnel's Custom Tunnels feature to provide remote access to SSH on your Raspberry Pi worldwide. An internet connection is all your Raspberry Pi requires, and PiTunnel handles the rest.
What is PiTunnel?
With PiTunnel, you can remotely access your Raspberry Pi and the projects you develop on it. This service includes a Device Monitor and Remote Terminal, as well as the ability to create Custom Tunnels for accessing services on your Pi.
SSH, short for Secure Shell, is a widely used Linux tool that facilitates secure connections between workstations, servers, switches, routers, and various other devices. Both Linux and macOS come equipped with SSH, while Windows users can easily add it to their systems.
This section offers detailed instructions on executing one-off commands through an SSH connection and utilizing tunneling for additional applications. Additionally, a special bonus section is included that explains how to securely copy files using scp.
Prerequisite configurations
This article focuses on using SSH rather than configuring it, as many articles already cover that topic. A few assumptions are made about your setup:
1. The SSH service is installed and running on the destination server.
2. An SSH client is installed on the local computer.
3. The firewall configuration permits SSH.
4. You're using the standard 22/tcp SSH port.
5. SSH prompts for a password in these exercises, as key-based authentication is not configured.
The recommended method for authentication is key-based. It is faster, simpler, and more secure for connection attempts. For guidance on setting up this critical configuration, refer to "Passwordless SSH using public-private key pairs" or "Eight ways to protect SSH access on your system" for general tips.
Enabling SSH
This article assumes SSH is enabled on your Raspberry Pi. If it is not, run sudo raspi-config and enable it under Interfacing or Advanced Options.
NOTE: Ensure that your Raspberry Pi is not using the default password 'raspberry', to safeguard your device against unauthorized access.
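Before a tunnel makes port 22 reachable at a public address, it is worth checking what sshd will actually accept. The following is an added example, not part of the original article or of PiTunnel's tooling: a shell function that reads the effective configuration in the format printed by sshd -T and flags settings that leave password logins open. The function name audit_sshd and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sshd settings that are risky once port 22 is reachable
# from the internet. On a real Pi, feed it the effective configuration:
#   sudo sshd -T | audit_sshd

# audit_sshd: reads "keyword value" lines (the format `sshd -T` prints) on
# stdin, prints one line per risky setting, returns 1 if anything was flagged.
audit_sshd() {
    awk '
        function flag(msg) { print "RISK: " msg; bad = 1 }
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication" && val == "yes" {
            flag("passwordauthentication yes: passwords can be guessed, use keys") }
        (key == "kbdinteractiveauthentication" ||
         key == "challengeresponseauthentication") && val == "yes" {
            flag(key " yes: may still prompt for a password through PAM") }
        key == "permitrootlogin" && val == "yes" {
            flag("permitrootlogin yes: root may log in with a password") }
        key == "permitemptypasswords" && val == "yes" {
            flag("permitemptypasswords yes: accounts without a password can log in") }
        key == "pubkeyauthentication" && val == "no" {
            flag("pubkeyauthentication no: key-based login is disabled") }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: password logins enabled, as the exercises here assume.
sample_password_login() {
    cat <<'EOF'
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
EOF
}

# Constructed sample: key-only logins, root login disabled.
sample_key_only() {
    cat <<'EOF'
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
EOF
}

sample_password_login | audit_sshd || true
```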
Creating a tunnel to access SSH remotely
After enabling SSH, the next step is to create a custom tunnel that will allow access through pitunnel.com. With this custom tunnel, you can easily access your Raspberry Pi's SSH using an address like pitunnel.com:12345.
Custom tunnels are created by entering a command in your Raspberry Pi terminal:
pitunnel --port=22 --name=ssh
In the above command, 22 is the standard port number used for SSH. Most users can enter the command exactly as shown.
After you run the command, you will see the following output in your Raspberry Pi terminal:
$ pitunnel --port=22 --name=ssh
Connected to Tunnel Server us1.pitunnel.com, v1
Waiting for Client connection
Testing your tunnel
1. Go to the Custom Tunnels page and find the worldwide accessible address for your tunnel.
2. Connect to the designated "Available At" address using your SSH client. How you enter the connection details varies by client. Here are a few examples:
1) SSH console client on Mac/Linux:
ssh pi@us1.pitunnel.com -p 12345
Where 'pi' is your Raspberry Pi login username, and '12345' is the port number shown after the ':' in the 'Available At' column of the Custom Tunnels page.
2) PuTTY on Windows:
Host Name: us1.pitunnel.com, Port: 12345, Connection type: SSH
Where '12345' is the port number shown after the ':' in the 'Available At' column of the Custom Tunnels page.
PLEASE NOTE: In the above examples the domain us1.pitunnel.com will depend on the region where you are located in the world, for example, uk1.pitunnel.com, eu1.pitunnel.com etc. Please use the exact domain as specified in the 'Available At' column of the Custom Tunnels page.
Making your tunnel persistent
To keep your tunnel always available, make it persistent once you have tested it. A persistent tunnel loads automatically every time your Raspberry Pi turns on and stays active even if you close the terminal window.
To make a tunnel persistent, add --persist to the end of the command line options:
$ pitunnel --port=22 --name=ssh --persist
Created Persistent Tunnel
Current Persistent Tunnels:
+----+-------------------------------------------------------+
| ID | Command-Line Arguments |
+----+-------------------------------------------------------+
| 1 | --port=22 --name=ssh |
+----+-------------------------------------------------------+
Connect over regular SSH
The following command establishes a traditional SSH connection. It starts the SSH process and specifies the user account that the remote server will verify, as well as the destination server (hostname or IP address):
$ ssh user01@server01
The connection attempt triggers a password prompt. Enter the password of the specified user account on the remote system.
Upon verification, the remote system will display a command prompt and allow the user to execute commands or access resources using their assigned privileges. In certain cases, security settings may restrict the root user from establishing an SSH connection, requiring a privilege escalation at this stage.
The interactive session is now available for conducting your administrative tasks.
Run a command over SSH
If you only need to execute a single, quick command over an SSH connection, you may not want to go through the separate processes of connecting, authenticating, running the command, and then disconnecting.
Keep in mind that a password will be required in the provided examples unless key-based authentication has been configured (you probably should, but it's out of scope for this article).
You can append the desired command to the SSH connection attempt; the command executes and the connection then closes.
The basic syntax is ssh user01@server01 "command".
For example, you could check the installation status of a package:
$ ssh user01@server01 "rpm -qa | grep nano"
Retrieve "fail" messages from a remote server by checking a log file. Consider using this method to efficiently analyze log data:
$ ssh user01@server01 "cat /var/log/secure" | grep -i fail
Archive and compress a directory on the remote system and stream the result to a local file (the - tells tar to write the archive to standard output):
$ ssh user01@server01 "tar -czf - /projects" > projectsbackup.tar.gz
If you must raise your privileges with sudo over the SSH connection, use the -t option to allocate a pseudo-terminal so that the password prompt works:
$ ssh -t user01@server01 "sudo yum install nano"
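The grep for "fail" shown earlier returns raw lines; when SSH is reachable from the internet, a count per source address is usually more useful. The following is an added example, not from the original article: it counts failed password attempts per source and reads the address from the end of each line, because the user name in the log is supplied by the client and can itself contain words such as "from". The function name and log lines are constructed, and the format assumed is the standard OpenSSH "Failed password for ... from ADDR port N ssh2" message.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source address.
# Against a real server, pipe the log in the same way as the grep example:
#   ssh user01@server01 "cat /var/log/secure" | failed_by_source

# failed_by_source: reads sshd log lines on stdin and prints "<count> <source>"
# sorted by count, highest first. The address is taken from the fixed tail of
# the message ("from ADDR port N ssh2"), never from the first "from" seen,
# so text injected through the user name cannot change the reported source.
failed_by_source() {
    awk '
        / sshd\[[0-9]+\]: Failed password for / && NF >= 9 &&
        $(NF-4) == "from" && $(NF-2) == "port" { count[$(NF-3)]++ }
        END { for (src in count) print count[src], src }
    ' | sort -k1,1nr -k2,2
}

# Constructed log lines; addresses are from the documentation ranges.
# The third line carries a user name crafted to look like a source address.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 server01 sshd[812]: Failed password for root from 198.51.100.7 port 51234 ssh2
Mar  3 10:15:04 server01 sshd[812]: Failed password for invalid user admin from 198.51.100.7 port 51236 ssh2
Mar  3 10:15:09 server01 sshd[815]: Failed password for invalid user x from 192.0.2.99 port 1 from 203.0.113.20 port 40022 ssh2
Mar  3 10:16:30 server01 sshd[820]: Accepted password for user01 from 192.0.2.10 port 50500 ssh2
Mar  3 10:17:02 server01 sshd[823]: Failed password for user01 from 198.51.100.7 port 51240 ssh2
EOF
}

sample_log | failed_by_source
```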
Tunnel other applications
SSH allows for a secure, verified, and encrypted link to distant devices for various software programs.
Utilizing Virtual Network Computing (VNC) is an advantageous method for accessing a distant desktop that requires a graphical user interface (GUI) to complete necessary tasks.
Some VNC products offer encryption for data transfer during the authentication stage, but not all. To enhance privacy, you can tunnel your VNC connection through SSH.
You need to forward ports for this to work. Type the following:
$ ssh -L 5901:localhost:5901 -N -f -l user01 server01
Use the VNC client to connect to localhost:5901, which has been forwarded to the remote server.
Here's an explanation of the options in the command above:
-L: Forward the port to the destination device. In this case, it's a direct mapping of 5901 to 5901 (the default VNC port number).
-N: Only forward ports and do not execute commands.
-f: Put SSH in the background after the connection is established (freeing the command prompt).
-l: Specifies the remote SSH login user (user01). The destination server (server01) follows as the final argument.
You can set up an HTTP-over-SSH tunnel to a directory called images using this command:
$ ssh -L 11000:localhost:80 -N -f -l user01 server01
Next, start a web browser and connect to http://localhost:11000/images.
Use scp
For a simpler file copying process, a full SSH connection is not necessary. Utilize the scp command to achieve the same outcome with ease.
To copy file.txt to the /projects directory on remote system server01, type:
$ scp file.txt server01:/projects
Or, to transfer a file from a remote system to your current directory, enter the following command on your system:
$ scp server01:/projects/file.txt .
Glen Newell has a nice writeup on using the scp command.
Wrap up
As an expert in the Linux field, you may already be well-versed in creating SSH connections for remote system management. This typically involves using the ssh command, authenticating, and completing a set of actions before disconnecting.
If you require multiple configurations or manual command issuance, this pattern is an excellent choice. However, in some situations, you may only need to execute a single command or script. With SSH, you can quickly connect, authenticate, run the designated command, and disconnect. Furthermore, SSH has the capability to tunnel various protocols, like VNC or HTTP, providing enhanced security compared to what the supporting applications offer. Delve into the vast flexibility of SSH and uncover innovative methods for utilizing this longstanding tool.