Remote Access IoT device, Raspberry Pi using SSH Public Private Keys
In this blog, we’ll discuss how to remote access Raspberry Pi or IoT device using SSH public private keys, allowing you to remotely manage your devices more securely.
Raspberry Pi, a popular Single Board Computer (SBC), is a small, energy-efficient device that’s perfect for a variety of projects.
SSH, or Secure Shell, is a secure way to remotely access the shell of your Raspberry Pi or IoT device, and it can authenticate you with SSH keys.
We will be using the SocketXP IoT Management and Remote Access Platform to remotely connect to an IoT or AI device over the internet without port forwarding.
You can use SocketXP to remotely connect to any Raspberry Pi behind a NAT router and firewall from an outside network such as the internet.
The same method can be used to remotely access any Linux-based embedded device over SSH: ARM and MIPS based boards, Raspberry Pi, Arduino, Nvidia Jetson Nano and more.
SocketXP is a platform-independent IoT/AI device remote access solution.
What is SocketXP
SocketXP is a cloud based secure remote access solution to access, manage and debug embedded Linux devices such as Raspberry Pi, Nvidia Jetson or an IoT device over the internet. SocketXP creates a secure SSL/TLS connection over the internet to your Raspberry Pi for secure remote access.
No configuration changes are required in your home or office router to make the SocketXP solution work. No public IP is required.
It simply works out of the box.
SocketXP creates SSL/TLS reverse proxy tunnels to securely connect to remote devices.
SocketXP does not use insecure methods such as port-forwarding techniques or Dynamic DNS (DDNS) to provide remote access to your Raspberry Pi.
SocketXP is an enterprise-grade IoT remote access and device management platform trusted by thousands of customers around the world today for secure remote access to their IoT devices over the internet from anywhere.
Let’s dive in and get started.
1. Remotely connect to Raspberry Pi, IoT behind NAT router or firewall over the Internet using SSH Keys
To learn more refer to: how to setup and configure your Raspberry Pi for remote SSH access over the internet
How SocketXP IoT Remote Access solution works
- First, you need to install the SocketXP agent on your IoT or Linux device.
- The agent will securely connect (using an SSL/TLS tunnel) to the SocketXP IoT Cloud Gateway using an authentication token.
- You can then SSH connect to your IoT or Linux device from the SocketXP Web Portal or using your own SSH client such as PuTTY.
Follow the steps below to install and setup SocketXP agent on your IoT or Linux device.
Step 1: Download and Install
Follow the download and install instructions to install the SocketXP agent on your Linux device.
Step 2: Get your Authentication Token
Sign up at https://portal.socketxp.com and get your authentication token.
Use the following command to login to the SocketXP IoT Cloud Gateway using the auth token.
$ socketxp login [your-auth-token-goes-here]
Step 3: Connect the device to the SocketXP Cloud Gateway
Use the following command to connect the Linux device to the cloud gateway using a secure SSL/TLS connection.
$ socketxp connect tcp://localhost:22
Connected to SocketXP Cloud Gateway.
Access the device securely using the SocketXP agent in IoT Slave Mode.
For the security of your device, SocketXP IoT Solution doesn’t create any public TCP endpoints that can be connected by any SSH client from the internet.
SocketXP private tunnel endpoints are not exposed to the internet and can be accessed only using the SocketXP agent (in IoT slave mode using the auth token of the user) or through the web terminal in the SocketXP web portal as shown below.
Single-Touch Installation Command
The three-step procedure explained above becomes tedious if you have thousands of IoT Linux devices to install, configure and manage.
With this in mind, SocketXP IoT Remote Access Solution also provides a single-touch installation command for installing and configuring the SocketXP IoT agent on a large number of IoT Linux devices.
Copy and paste the below single-touch installation command from the SocketXP Portal page on to the terminal of your IoT device. The command shown below will download a shell script that will install, configure, setup SocketXP IoT agent on your IoT device. After the command completes, the Linux server device would show up as online in the SocketXP Portal page.
Step 4: Remotely Accessing the IoT device SSH from anywhere
Your Linux device is now ready to be accessed remotely from anywhere in the world using SSH by simply logging in to the SocketXP Web Portal.
SocketXP also provides the option of using your own SSH client software such as PuTTY, SecureCRT, OpenSSH client etc. We will discuss this option below in the next section on SocketXP Slave Mode agent feature.
Head to the “Devices” section and find your Linux IoT device listed in the table. Click the terminal icon next to your device. It will take you to an SSH login screen.
You have two options to perform SSH authentication and login:
- SSH public private keys
- SSH Username and Password
SSH public private key based authentication and login is a more secure way to remotely access your IoT device via SSH. Learn more about SSH security best practices in our best practices guide.
Select SSH public key authentication, provide the login user name and click login. A short-lived SSH key pair will be generated and synced between the SSH web client and your remote device. Once the login is successful, the SSH key will be deleted from the device.
After a successful SSH key based login, you’ll be shown a terminal window with a shell prompt to enter any Linux command on your remote IoT device.
The above screen capture shows the “htop” command output from an SSH session created using the SSH web terminal window in the SocketXP web portal.
Step 5: SSH Remote Access Using Third Party Tools
This is an alternate method for connecting to your Linux SSH server from anywhere using third party SSH/SFTP clients such as PuTTY, Filezilla, SecureCRT etc.
If you don’t want to access your IoT Linux device’s SSH server from the browser and you want to access it using your own SSH client such as PuTTY then follow the instructions below.
This method is also extremely useful if you want to setup and use SSH public private keys to remote access your device.
First download and install the SocketXP agent software on your accessing device (such as a laptop running Windows or Mac OS).
Next, configure the agent to run in slave mode (or local proxy mode) using the command option “--iot-slave” as shown in the example below.
$ socketxp connect tcp://localhost:3000 --iot-slave --peer-device-id "2233-4455-abcd-34445" --peer-device-port 22 --authtoken <auth token>
Connected.
Access the TCP service using SocketXP agent in IoT Slave Mode or from the web portal.
You can find the device ID of your device on the SocketXP Portal page in the IoT Devices section.
Now you can access your IoT device’s SSH server using the above SocketXP local endpoint, as shown below.
You can use your own SSH client such as PuTTY to connect to your remote IoT device’s SSH server. The following example uses a command line based SSH client tool.
$ ssh -i ~/.ssh/john-private.key john@localhost -p 3000
The above SSH client command uses the “-i” option to provide an SSH private key for user “john”, so that the SSH server could authenticate the user using the SSH key and allow login to the SSH shell.
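Key-based login only improves on passwords if the device's SSH server no longer accepts passwords as a fallback. The following is an added example, not part of the original article or of SocketXP's software: a POSIX shell check that reads an sshd_config and reports whether the global settings allow key authentication only. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SocketXP code): check that a device's sshd accepts keys only.
# sshd keeps the FIRST value it reads for a keyword, keywords are case-insensitive,
# and global settings end at the first "Match" line. Assumes the plain
# "Keyword value" form; Include files and Match blocks are not evaluated.

sshd_effective() {  # usage: sshd_effective 'name|alias' <default>  (config on stdin)
    awk -v want="$1" -v def="$2" '
        BEGIN { want = "^(" tolower(want) ")$"; val = def }
        /^[ \t]*(#|$)/ { next }                          # comments, blank lines
        tolower($1) == "match" { exit }                  # end of global section
        tolower($1) ~ want { val = tolower($2); exit }   # first value wins
        END { print val }'
}

audit_key_only() {  # usage: audit_key_only < /etc/ssh/sshd_config ; returns 0 if key-only
    cfg=$(cat); rc=0
    get() { printf '%s\n' "$cfg" | sshd_effective "$1" "$2"; }
    [ "$(get pubkeyauthentication yes)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
    [ "$(get passwordauthentication yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
    [ "$(get 'kbdinteractiveauthentication|challengeresponseauthentication' yes)" = no ] ||
        { echo "FAIL: keyboard-interactive (PAM password) login is not 'no'"; rc=1; }
    return "$rc"
}

# Constructed sample: the later "no" lines never apply, the first value wins.
sample_weak() { cat <<'EOF'
# sshd_config (constructed sample)
PubkeyAuthentication yes
PasswordAuthentication yes
passwordauthentication no
KbdInteractiveAuthentication no
Match User john
    PasswordAuthentication no
EOF
}
# Constructed sample: key-only, using the older ChallengeResponseAuthentication alias.
sample_hardened() { cat <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
}

sample_weak | audit_key_only || echo "weak sample: not key-only"
sample_hardened | audit_key_only && echo "hardened sample: key-only"
```

On a device, run `audit_key_only < /etc/ssh/sshd_config` after confirming that key login works, since turning off password authentication also removes the username and password login option.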
Advantages of using SocketXP for remote SSH access to IoT device from anywhere using SSH keys:
SocketXP uses secure reverse proxy SSL/TLS tunnels to connect to your IoT Linux device over the internet, so that your device is not directly exposed to the internet. Also, the data transmitted is encrypted using SSL/TLS.
SSH uses the same cryptography technology used by banks and governments to exchange highly confidential data over the internet.
The data transferred gets encrypted end-to-end between the SSH client and the SSH server.
SocketXP has no way to decrypt or eavesdrop your encrypted data without knowing your SSH private keys. SocketXP merely acts as an SSL/TLS reverse proxy server for your encrypted data traffic transmitted through the SSH connection.
Conclusion
Remotely connecting to your Raspberry Pi, IoT device or any Linux device via SSH provides a convenient and powerful way to control your Linux based IoT devices from anywhere in the world.
By following the steps outlined in this article, you can easily enable SSH key based remote access to your IoT device, install the SocketXP IoT Remote Access agent on it, and connect to it remotely using SSH keys from anywhere.
Once connected, you can perform various tasks to manage your IoT devices remotely, including updating packages, installing/removing software, configuring settings, transferring files, managing processes, and performing system maintenance.
With remote access, you can unlock the full potential of your IoT, Raspberry Pi, Arduino, Nvidia Jetson or any Linux device and use it for a wide range of applications with ease and convenience.