https://github.com/fracpete/rpi-remote-access

Remote access to a Raspberry Pi via reverse proxy frp.
https://github.com/fracpete/rpi-remote-access

frp raspberry-pi remote-access reverse-proxy

Last synced: about 1 year ago
JSON representation

Remote access to a Raspberry Pi via reverse proxy frp.

• Host: GitHub
• URL: https://github.com/fracpete/rpi-remote-access
• Owner: fracpete
• License: cc-by-sa-4.0
• Created: 2021-11-08T20:39:23.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2021-11-22T01:01:34.000Z (over 4 years ago)
• Last Synced: 2024-10-19T12:15:56.935Z (over 1 year ago)
• Topics: frp, raspberry-pi, remote-access, reverse-proxy
• Homepage:
• Size: 11.7 KB
• Stars: 5
• Watchers: 3
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# rpi-remote-access

In order to get ssh access to a Raspberry Pi (e.g., through a 4G modem or if it is behind a firewall), the [frp](https://github.com/fatedier/frp/) reverse proxy can be used.

For this purpose, a server with a public IP or DNS name will act as server (e.g., an AWS server in the free tier) that the Raspberry Pi will connect to.

## Server (eg cloud VM)

Inbound ports that need to be open:

* 22 - for general ssh access

* 7000 - general inbound connections from clients

* 6000 - for accepting ssh connections and forwarding them to the client (unique to each client)

Server requires DNS name or fixed IP address. DynDNS, like [noip.com](https://noip.com/), 

works as well. See the [DynDNS](dyndns.md) article for instructions.

For this example, we are assuming `mydevice.ddns.net` as the server DNS name.

Install frp:

* Download appropriate [release binary](https://github.com/fatedier/frp/releases/tag/v0.37.1)

  ```bash

  sudo bash

  cd /opt

  wget https://github.com/fatedier/frp/releases/download/v0.37.1/frp_0.37.1_linux_amd64.tar.gz

  tar -xzf frp_0.37.1_linux_amd64.tar.gz

  ln -s frp_0.37.1_linux_amd64 frp

  ```

* Create `/etc/frps.ini` with the following content:

  ```ini

  [common]

  bind_port = 7000

  ```

  

* Create systemd service `/etc/systemd/system/frps.service` with the following content:

  ```ini

  [Unit]

  Description=frp reverse proxy server

  After=network.target

  

  [Service]

  User=ubuntu

  Group=ubuntu

  WorkingDirectory=/opt/frp

  ExecStart=/opt/frp/frps -c /etc/frps.ini

  

  [Install]

  WantedBy=multi-user.target

  ```

  

* Install systemd service

  ```bash

  sudo systemctl enable /etc/systemd/system/frps.service

  ```

  

* Start service

  ```bash

  sudo systemctl start frps.service

  ```

## Client (Raspberry Pi)

Inbound ports that need to be open:

* 22 - for ssh access

Install frp:

* Download appropriate [release binary](https://github.com/fatedier/frp/releases/tag/v0.37.1)

  * 32-bit

    ```bash

    sudo bash

    cd /opt

    wget https://github.com/fatedier/frp/releases/download/v0.37.1/frp_0.37.1_linux_arm.tar.gz

    tar -xzf frp_0.37.1_linux_arm.tar.gz

    ln -s frp_0.37.1_linux_arm frp

    ```

  * 64-bit

    ```bash

    sudo bash

    cd /opt

    wget https://github.com/fatedier/frp/releases/download/v0.37.1/frp_0.37.1_linux_arm64.tar.gz

    tar -xzf frp_0.37.1_linux_arm64.tar.gz

    ln -s frp_0.37.1_linux_arm64 frp

    ```

* Create `/etc/frpc.ini` with the following content:

  ```ini

  [common]

  server_addr = mydevice.ddns.net

  server_port = 7000

  

  [ssh]

  type = tcp

  local_ip = 127.0.0.1

  local_port = 22

  remote_port = 6000

  ```

  

* Create systemd service `/etc/systemd/system/frpc.service` with the following content:

  ```ini

  [Unit]

  Description=frp reverse proxy client

  After=network.target

  

  [Service]

  User=pi

  Group=pi

  Restart=on-failure

  RestartSec=15s

  WorkingDirectory=/opt/frp

  ExecStart=/opt/frp/frpc -c /etc/frpc.ini

  

  [Install]

  WantedBy=multi-user.target

  ```

  

* Install systemd service

  ```bash

  sudo systemctl enable /etc/systemd/system/frpc.service

  ```

  

* Start service

  ```bash

  sudo systemctl start frpc.service

  ```

## Raspberry Pi access

Changing remote access to the Raspberry Pi to using ssh-keys only (as user `pi`):

* On admin laptop create a ssh key in `$HOME/.ssh`:

  ```bash

  ssh-keygen -f mydevice

  ```

* Output the content of the public key (`mydevice.pub`) and paste it on the Raspberry Pi into `/home/pi/.ssh/authorized_keys`

* On admin laptop, create the following entry in `$HOME/.ssh/config`:

  ```

  Host mydevice

    User pi

    Hostname mydevice.ddns.net

    Port 6000

    IdentityFile ~/.ssh/mydevice

  ```

* On Raspberry Pi, edit the `/etc/ssh/sshd_config` file and disable password authentication:

  ```

  PasswordAuthentication no

  ```

* Restart the `ssh` service on the Raspberry Pi

  ```bash

  sudo systemctl restart ssh

  ```