Access Raspberry Pi Externally using ngrok
Feb 26, 2017In this blog post we will set up our Raspberry Pi so it will accessed using SSH from outside our home network. Below is a diagram of the architecture:
[ Home Network : Raspberry Pi ] <– [ ngrok ] –> [ External Network ]
From our home network we will create a secure tunnel, through ngrok. Which we will then connect to from our external network. This will allow us to SSH into our Raspberry Pi, and manage it.
What is ngrok?
ngrok is a fantastic tool which allows you to create secure tunnels to localhost. So you can do things like expose a local server behind a NAT or firewall to the internet. See the ngrok homepage for more information.
Lets get started!
Step 1: Enable Passwordless SSH Access
You need to configure your Pi for SSH access. Follow the steps described in the following link (very carefully):
By the end, you should be able to type:
$ ssh USER@Pi-IP-ADDRESS
And connect to your Raspberry Pi without a password prompt. For example:
$ ssh pi@192.168.0.42
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Feb 25 20:24:30 2017 from 192.168.0.42
pi@raspberrypi ~ $
No prompt for a password.
Note: the computer you generated the SSH keys on (and copied to the Pi). Is the computer you will be using to connect to your Pi, from the external network.
Step 2: Install ngrok on your Raspberry Pi
Go here and follow the instructions to install ngrok on your Pi.
Step 3: Run ngrok on your Raspberry Pi
Run ngrok with the following options:
pi@raspberrypi ~ $ ngrok tcp 22
Step 4: Copy ngrok Host and Port
Once ngrok starts, it will display a tcp:// address on the forwarding line, for example:
Forwarding tcp://123xyz0.tcp.ngrok.io:17684 -> localhost:22
Copy the host name 123xyz0.tcp.ngrok.io and the port 17684.
Note: the host name and port will be different for you.
Step 5: Edit SSH config file
In step one you generated some ssh keys on your computer, and then copied them to the raspberry Pi. On the computer you generated the SSH keys on, add the following details to ~/.ssh/config:
Host ngrok
HostName 123xyz.tcp.ngrok.io
IdentityFile ~/.ssh/id_rsa
Again, the host name will be different for you.
Note: we are using the same key we copied over to the Pi in step one, you can generate new SSH keys if you like.
Step 6: Access the Raspberry Pi from outside your network
Now with your computer not connected to your home network, type the command:
$ ssh pi@ngrok -p 17684
Change the username and port to match yours.
You should now be connected to your Raspberry Pi using SSH through ngrok.
Fin.