Introduction: Securely Access Your Pi From Anywhere in the World

About: DIY Enthusiast

I have few applications running round the clock on the Pi. Whenever I got out of my house, it became very difficult to check on the Pi's health and status. I subsequently overcame the minor hurdle using ngrok. Accessing the device from outside gives rise to questions of security which I dealt with by enabling the 2FA (2 factor authentication) or 2 step authentication. So here are the steps below for you to access your Pi from outside with an added layer of security.

Step 1: Video Guides

Some prefer written material and some video guides. If you are one among the many who prefers a video guide check out these videos for step-by-step instructions.

Step 2: Prep Ngrok

Open a terminal on your Pi and run the following commands one after the another to download and prep the ngrok application

cd /home/pi/
wget ""
sudo unzip

Now you should have a folder labeled ngrok on the /home/pi/ directory.

Optionally, you can remove the original downloaded zip file to save some space

sudo rm /home/pi/

Now get the additional files to help you setup ngrok as a service

git clone

Step 3: Step Ngrok

Head over to ngrok's website and sign in. If you don't have an account, signup for one.

On your ngrok dashboard and under the authentication tab, you should find your Authtoken like how its shown below.

On a terminal on your Raspberry Pi, run the following to setup your authtoken.

/home/pi/ngrok authtoken "YOUR AUTHTOKEN COPIED FROM ngrok DASHBOARD"

You should get an acknowledgement like shown below.

Copy the tunnels from the sample ngrok configuration file (ngrok-sample.yml) in the /home/pi/ngrok-service/ folder.

Open the default configuration file using:

sudo nano /home/pi/.ngrok2/ngrok.yml

Paste the tunnels that you just copied from the sample. Feel free to remove the other tunnels that you may not need other than the SSH.

Now verify if the tunneling is working by starting the ngrok application using

/home/pi/ngrok start -all

Step 4: Setup Ngrok As Service

Run the commands one after the another to setup ngrok as service

sudo chmod +x /home/pi/ngrok-service/scripts/
sudo /home/pi/ngrok-service/scripts/
sudo systemctl enable ngrok.service
sudo systemctl start ngrok.service

Temporarily stop ngrok service untill the two factor authentication setup is completed.

sudo systemctl stop ngrok.service

Step 5: Setup Two Factor Authentication

Enable SSH if not already done using:

sudo systemctl enable ssh
sudo systemctl enable ssh
sudo systemctl stop ssh

Enable two factor challenge. Open ssh config using:

sudo nano /etc/ssh/sshd_config

Change ChallengeResponseAuthentication from the default no to yes.

Save the config file and exit.

Step 6: Configure Google Authenticator

Install google pluggable google authentication module

sudo apt install libpam-google-authenticator 

Run the following to start authenticator module


Download Google Authenticator app on your mobile and link the PAM module by scanning the QR code on screen.

Configure PAM to add the two factor authentication.

sudo nano /etc/pam.d/sshd

Add the following line to the beginning

 auth required

This can be added below or above @include common-auth

Step 7: Restart Ssh and Ngrok

Restart the services

sudo systemctl restart ssh
sudo systemctl restart ngrok.service

And that is a wrap