Intro: Remote SSH Access to Raspberry Pi 2
Ever wanted to deploy a Raspberry Pi "in the field" and still be able to access it?
Here is an easy way to enable remote SSH access to your Raspberry Pi 2 (and other models, too). While there are solutions involving a VPN or configuring port forwarding at a local firewall, those are often hard to manage for non-experts.
A new generation of relay services including My-Devices.net, Pagekite.net and Yaler.net tries to fix this. Here we use the Yaler relay service (disclosure: I'm a founder) to provide SSH access from anywhere to the Raspberry Pi 2.
- Raspberry Pi 2 (or any model), e.g. https://www.adafruit.com/products/1914
- USB cable, A / Micro B, e.g. https://www.adafruit.com/products/592
- Micro SD card, 4 GB, e.g. https://www.adafruit.com/products/102
- Ethernet cable, e.g. http://www.adafruit.com/products/995
- Desktop or laptop computer
- Local network with DHCP
(Note: Steps 3-5 based on CC BY-SA Yaler tutorials. Steps 1 & 2 let you start from scratch.)
Step 1: Install Raspbian
(If you've already got Raspbian running, skip this step.)
Download the image
Let's use the Raspbian Jessie (Lite) image which has sshd running by default. That's a plus for "headless" setup without a display, mouse or keyboard.
- Unzip the image ZIP to get the IMG image file
Prepare the SD card on Mac OSX
There are many ways to prepare the SD card on a Mac. Here's my favourite:
- Start PiFiller and select the IMG image file downloaded above
Prepare the SD card on Windows
- Get Win32 Disk Imager from http://sourceforge.net/projects/win32diskimager/
- Start the tool and select the IMG downloaded above (double check the drive)
Prepare the SD card on Linux
- Follow the steps in http://www.raspberrypi.org/documentation/installat...
Use the SD card
- Insert the SD card into the Raspberry Pi 2
- Connect the ethernet cable to your local network
- Connect the USB cable to power the device and wait...
Done. After a few minutes Raspbian should be up.
Step 2: Find the Raspberry Pi 2 in Your Local Network
(If the Raspberry Pi 2 has a display, mouse and keyboard, skip this step.)
Where's my Raspi?
Once Raspbian is installed and the Raspberry Pi 2 is connected to the local network, it should automatically get an IP address with DHCP and start running sshd, which listens to incoming SSH connections on port 22. But what's the IP?
Let's have a look
One way to find the local IP address of the Raspberry Pi 2 (and any other device) is to use the nmap command line tool.
- Get nmap from http://nmap.org/download.html
- To get your computer's local IP address, open a terminal and type
resulting in something like en0: flags= ... 192.168.0.7 netmask ...
- Start an nmap query for port 22 using your local IP address prefix, e.g.
$ nmap 192.168.0.0-255 -p22
- Check the result (if there are multiple IPs, it's usually the highest)
Make sure it's yours
- Get local SSH access to the Raspberry Pi 2 with ssh, using its local IP, e.g.
$ ssh firstname.lastname@example.org
- Enter the password, by default it's raspberry
- Change the password by typing
Done? Your Raspberry Pi 2 is now ready to be connected to the relay service.
Step 3: Install the YalerTunnel Daemon
The YalerTunnel daemon is a small software we'll put on your Raspi to connect local services running on the device to the relay service in the cloud. Like this:
Relay Service <- Firewall <- YalerTunnel Daemon -> Local SSH Service
Get a relay domain
Every device connected to the relay service needs a relay domain.
- Get a free trial account including a relay domain at https://yaler.net/
(Or, to host your own relay for non-commercial use, see https://bitbucket.org/yaler/yaler)
Let's build the YalerTunnel daemon from source.
- Open a shell on your Raspberry Pi 2 and update apt-get with
$ sudo apt-get update
- Download and install libssl with
$ sudo apt-get install libssl-dev
- Create a yalertunnel directory
$ mkdir yalertunnel $ cd yalertunnel
- Download, unzip and build the YalerTunnel source
$ wget https://bitbucket.org/yaler/yalertunnel2/downloads/YalerTunnel2.src.tar.gz $ tar xfzmv YalerTunnel2.src.tar.gz $ ./configure && make
Done? Then let's start the daemon.
Step 4: Start the YalerTunnel Daemon
Enable SSH access via Yaler
$ sudo apt-get install runit
- Create a yalertunnel-ssh service directory
$ sudo mkdir /etc/service/yalertunnel-ssh $ cd /etc/service/yalertunnel-ssh
- Download the yalertunnel run script and make it executable
$ sudo wget http://s3.yaler.net/raspi/run-ssh -O run $ sudo chmod a+x run
- Download the yalertunnel finish script and make it executable
$ sudo wget http://s3.yaler.net/raspi/finish $ sudo chmod a+x finish
- Open the run script with
$ sudo nano /etc/service/yalertunnel-ssh/run
- Check the path (default: /home/pi/yalertunnel), set the port of the local SSH service (default: 22), and set your relay domain
1 #!/bin/sh ⋮ 6 exec /home/pi/yalertunnel/yalertunnel proxy 127.0.0.1:22 try.yaler.io:80 RELAY_DOMAIN </dev/null 2>&1 | logger -t yalertunnel-ssh
Save changes with CTRL-X, then Y, then RETURN. Do not change the local IP (default: 127.0.0.1), unless the SSH service runs on a separate device in the same network.
- Reboot your Raspberry Pi 2 to run the script
$ sudo reboot
Done. Now let's see how to access the Raspi.
Step 5: Access the Raspberry Pi 2 With an SSH Client
Using Putty on Windows
- Follow the steps https://yaler.net/putty
Using ssh on Mac or Linux
Unlike Putty, the ssh command does not support "HTTP CONNECT", so we need YalerTunnel on this side of the relay, too. Here's how that looks:
SSH Client -> YalerTunnel in Client Mode -> (Firewall) -> Relay Service
Install YalerTunnel on Mac or Linux
- Make sure JDK6 (or later) is installed
- Make sure your PATH environment variable contains the JDK's bin directory
- Get the YalerTunnel Java source from https://bitbucket.org/yaler/yalertunnel/downloads/YalerTun...
- Unzip the ZIP file, open a terminal, and build YalerTunnel with
$ javac YalerTunnel.java
Remotely access the Raspberry Pi 2 with SSH
- On your client computer, to start YalerTunnel in client mode, type
$ java YalerTunnel client localhost:10022 try.yaler.io:80 RELAY_DOMAIN
- In a second terminal, on the client computer, access your device via the local YalerTunnel with ssh
$ ssh pi@localhost -p 10022 -o ServerAliveInterval=5
Done. You should now have SSH access to your Raspberry Pi 2.
If there's no connection
- Make sure you use the correct relay domain
- To see if the YalerTunnel service is running on your device, type
$ ps aux | grep [y]aler
That's it. Thanks for reading to the end. If you've got questions, get in touch.