Access Raspberry Pi Remotely from outside network over the Internet

Remote SSH into IoT devices or Raspberry Pi behind NAT router or firewall from outside network over the internet

Raspberry Pi remote SSH access is key to monitoring, controlling and debugging industrial machineries, automobile fleet and home automation devices from far away remote locations when human access to such devices is not possible at a particular moment.

In this article, we’ll discuss how to remote SSH into IoT devices or Raspberry Pi behind NAT router or firewall from outside network over the Internet using SocketXP IoT Controller.

What is SocketXP

SocketXP creates secure SSL/TLS tunnels to connect to your remote IoT devices.

SocketXP also creates a unique public web URL for each of the private web applications running in your remote IoT devices. Online services could communicate with your private web application using the public web URL..

How SocketXP IoT Remote SSH Access solution works

Step 1: Download and Install

Step 2: Get your Authentication Token

Use the following command to login to the SocketXP IoT Cloud Gateway using the auth token.

Step 3: Create SocketXP SSL Tunnel Endpoint for Remote SSH

$ socketxp connect tcp://localhost:22TCP tunnel [test-user-gmail-com-34445] created.
Access the tunnel using SocketXP agent in IoT Slave Mode

Security Note:

SocketXP is a highly secure IoT Remote Access solution. SocketXP, unlike other IoT Remote SSH solutions in the market, doesn’t create any public TCP tunnel endpoints (a public IP address and TCP port combo) that can be connected to by any SSH client from the internet. SocketXP secure private tunnel endpoints are not exposed to the internet.

SocketXP secure private tunnel endpoints can be accessed only using the SocketXP agent running in IoT slave mode (using the auth token provided to the user) or through the XTERM terminal in the SocketXP IoT Portal page.

Why this is important?

Anonymous users or hackers or random port scanners from the internet cannot SSH into your IoT device from the internet. Even your employees cannot access your IoT device without knowing the SocketXP auth-token uniquely assigned to you. SocketXP secure private tunnel endpoints thwarts DDoS attacks that prevent remote access to your IoT or Raspberry Pi devices.

SSH from Web Browser

When you click the terminal icon next to your device listed in the SocketXP Portal Page, you’ll be prompted to provide your Username and Password. After successful authentication with the SSH server running in your IoT device, you’ll be logged into your device shell.

htop command run from the SSH web console.

Once you are in the shell you could execute any shell command. The above screen capture shows the ‘htop’ command run to display the CPU and Memory resource usage.

Configuring SocketXP agent to run in slave mode

If you don’t want to access your IoT device or RPi from the browser and you want to access it using your own SSH client using a public/private key then follow the instructions below.

First download and install the regular SocketXP agent software on your accessing device (such as a laptop running Windows or Mac OS). Next, configure the agent to run in slave mode using the command option “ — iot-slave” as shown in the example below. Also, specify the name of the private TCP tunnel you want to connect to, using the “ — tunnel-name” option.

$ socketxp connect tcp://localhost:3000 --iot-slave --tunnel-name test-user-gmail-com-34445Listening for TCP connections at:
Local URL -> tcp://localhost:3000

Accessing the IoT device from your laptop

$ ssh -i ~/.ssh/john-private.key john@localhost -p 3000

We recommend using SocketXP Private TCP Tunnels for all your remote IoT device access needs.

SocketXP Scaling and Performance

Ganesh Velrajan is the founder of SocketXP. Learn more about SocketXP Remote Access Solutions at

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store