DasKraut
Posts: 7
Joined: Tue Sep 09, 2014 9:19 am

How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 9:36 am

Hey, all.

I'm just getting started with my RPi. I'm able to connect to it via Terminal on my Mac as long as I'm connected to my local network. But I can't connect to it from my work Mac.

I have forwarded an external port number to my RPI's IP (I have it static) internal port 22. Here I'm getting hung up is the documentation for SSH doesn't break it down. It goes from listing tons of commands without explaining it, into complex examples that mean absolutely nothing to me.

What is the command to type in my remote terminal program to reach my RPI at home? When I'm local, I just type "ssh pi@192.168.##.##" and it connects perfectly. When I'm at work, I've all sorts of combinations...
ssh pi@100.234.23.112:[port]
ssh 100.234.23.112 -l pi
ssh [port] -l pi 100.234.23.112

...nothing works. If I don't get an error message, it just goes down a line like I hit return in a text editor. Nothing ever happens.

Are there any step-by-step guides out there on how to do this? I keep finding piece meal help in all these different forums, but no straight answer walk-through.

Thanks in advance!

User avatar
default_user8
Posts: 660
Joined: Mon Nov 18, 2013 3:11 am

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 10:59 am

The syntax should be:
"ssh -p xxxx(external port number) user(in your case user is pi)@xxx.xxx.xxx.xxx(public ip address)

So it should look like this at the treminal prompt:
$ssh -p 1234 pi@100.123.12.12
Just with your port number and ip address, when you get it figured out you can use this tutorial to simplify your ssh connection.
http://superuser.com/questions/76193/ho ... ow-leopard

Also, not sure about where you are, but a lot of residential ISP's use dynamic ip addresses. So you may want to set up a ddns so you don't have to keep up with your public ip address.
Last edited by default_user8 on Tue Sep 09, 2014 11:03 am, edited 1 time in total.
Two heads are better than one, unless one's a goat head.

User avatar
RaTTuS
Posts: 10458
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 11:02 am

and for you own safety - disable the user pi and use another username
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

User avatar
redhawk
Posts: 3465
Joined: Sun Mar 04, 2012 2:13 pm
Location: ::1

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 11:11 am

It would also be advisable to change or add an additional SSH port number and do not forward TCP 22 (to minimise on script kiddie attacks).

Richard S.


User avatar
default_user8
Posts: 660
Joined: Mon Nov 18, 2013 3:11 am

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 11:35 am

And one more thing ditch the passwords and learn to use key pairs.
Two heads are better than one, unless one's a goat head.

DasKraut
Posts: 7
Joined: Tue Sep 09, 2014 9:19 am

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 5:54 pm

Copy that! Thanks, folks!

Believe it or not, while I was awaiting approval for this post to go up, I figured it out. I actually was able to connect with "ssh pi@123.45.678.910 -p 1234"....so that's one step closer.

And yes, I'm well aware of Dynamic DNS. I've actually been port forwarding for years, and I've been hyper sensitive to security in recent years, so I'm trying to learn all that stuff. I actually only turn the port forwarding on when I need through through remote management of my router...which I have set to non-standard ports as well.

I'm also a complete newbie to Raspberry Pi and terminal commands...well...not REALLY a newbie to terminal... but I've been copying and pasting others' code for years, and now I'm trying to wrap my head around it like back in the DOS days.

My plan is to host a small webserver (not for a web page though, mainly for Cal/CardDAV servers), and to also run it as a proxy/VPN/SQL host. I currently use Hamachi, which has been great for the most part... But I'd like to start hosting some things myself. No reason to trust others with my security.

Know what I mean, Vern?

DasKraut
Posts: 7
Joined: Tue Sep 09, 2014 9:19 am

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 5:56 pm

Oh, and about the ditching of the passwords...yes! That's my next step. But that one is a completely new idea to me, so I'm scouring for good intel on it now.

Any tips would be greatly appreciated. I'm incredibly concerned about security due to the nature of my business (I work in an industry that sounds sorta like "Molly...would".....*cough*) and I have to be hyper sensitive on content/traffic.

DasKraut
Posts: 7
Joined: Tue Sep 09, 2014 9:19 am

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 6:02 pm

redhawk wrote:It would also be advisable to change or add an additional SSH port number and do not forward TCP 22 (to minimise on script kiddie attacks).

Richard S.
I have taken down the port forward (again, I only use it when I need it...for now...), but could I ask for a little clarification? Specifically, I have an external port (not port 22) forwarded to my internal port 22 on the RPI. I just read that it's possible to change the internal port on the RPI for SSH to something else...

Should I do that? And is that what you were referring to? Or were you simply telling me not to have a direct line external & internal being port 22. (straight line instead of a redirect)

Does that make sense? ...I feel like I explained it in a slightly convoluted way.

User avatar
DougieLawson
Posts: 36123
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 6:06 pm

Leave SSH port 22 on your LAN alone. Change it on your WAN (port forward WAN port 2222 to LAN port 22) if you must.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

DasKraut
Posts: 7
Joined: Tue Sep 09, 2014 9:19 am

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 6:27 pm

DougieLawson wrote:Leave SSH port 22 on your LAN alone. Change it on your WAN (port forward WAN port 2222 to LAN port 22) if you must.

Right on. Just to clarify... I read that I can change it on the RasPi itself. So it listens for SSH on a non-standard port. I thought maybe that could potentially create confusion with any other service that might utilize SSH, but I wasn't certain. The only reason I'd change the internal port is for security purposes... I figured any port scan could sniff out the external port sending to a common SSH internal port.

But you're saying I should not alter the RasPi itself? Any reason why? Or is it exactly for the reason I assumed above?

Thanks. Oh...and I'm with you on the gaff tape (your sig)... I've got many colors on a rope, myself. ;)

DasKraut
Posts: 7
Joined: Tue Sep 09, 2014 9:19 am

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 6:29 pm

RaTTuS wrote:and for you own safety - disable the user pi and use another username
I planned on making a new user on the pi....haven't gotten to that point in the manual yet. Hoping to do as little with the GUI interface as possible, by the way (not that you mentioned it, just a general note). I want to force myself to get more comfortable in the terminal world. ...there's a method to my madness. ...or, rather a madness to my method, methinks.
Last edited by DasKraut on Wed Sep 10, 2014 8:42 am, edited 1 time in total.

User avatar
DougieLawson
Posts: 36123
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 6:31 pm

DasKraut wrote: But you're saying I should not alter the RasPi itself? Any reason why? Or is it exactly for the reason I assumed above?
Because it's a PITA and does nothing to enhance security (which should be OK on your "trusted" LAN).
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

User avatar
default_user8
Posts: 660
Joined: Mon Nov 18, 2013 3:11 am

Re: How to access RPI over the net? Can't get it to work.

Tue Sep 09, 2014 7:23 pm

You might be interested in bitttorrent sync if you'd like to "start hosting things yourself". BTSync is a dropbox type service that lets you sync files between computers without going through a 3rd party sever(ie. Icloud). I recently migrated away from dropbox and have been very happy so far with btsync. Not that i have any top secret files to protect, but it's nice to know i'm in control of my own data.
Two heads are better than one, unless one's a goat head.

DasKraut
Posts: 7
Joined: Tue Sep 09, 2014 9:19 am

Re: How to access RPI over the net? Can't get it to work.

Wed Sep 10, 2014 8:47 am

default_user8 wrote:You might be interested in bitttorrent sync if you'd like to "start hosting things yourself". BTSync is a dropbox type service that lets you sync files between computers without going through a 3rd party sever(ie. Icloud). I recently migrated away from dropbox and have been very happy so far with btsync. Not that i have any top secret files to protect, but it's nice to know i'm in control of my own data.
Oh yeah, I use it all the time. Great system! My biggest issue is I need to be able to share certain things with the luddites I have to deal with on a daily basis. I've read about setting up a web-based secure download link with it...but I'm just not there yet. I've got more to learn about all this.

Also, I've read about it being possible (I think) to set up your own tracker server with BTSync. ...basically, I have a lot of work ahead of me. Need secure connections, webserver, SQL, and a CardDAV server to start right now... But first thing's first...learning how to work with this little bastard. haha

User avatar
default_user8
Posts: 660
Joined: Mon Nov 18, 2013 3:11 am

Re: How to access RPI over the net? Can't get it to work.

Wed Sep 10, 2014 5:50 pm

Haha, it is somewhat addictive. I'm constantly in a state of ok i got that working what can i make it do now. I really should get another pi to tinker with and leave this one alone since it's my home NAS.
Two heads are better than one, unless one's a goat head.

collymonster
Posts: 14
Joined: Wed Dec 17, 2014 1:54 pm

Re: How to access RPI over the net? Can't get it to work.

Wed Dec 17, 2014 2:46 pm

Hi all - wasn't sure on etiquette here - this tread is exactly the issue I'm having - nothing above so far has worked for me - but the thread conversation has morphed a little...

I can ssh into my PI on network.
I cannot ssh in from an external network.
I have port 22 forwarded on router (relatively new d-link DSL-2980AL, so haven't bee able to find much in the way of troubleshooting why I can bl*#dy access the router login page externally either - enabling remote access doesn't help - BUT, that's another story!)
I have set the internal ip for the PI to static.
I have a dns for the router - two infact - (though the external IP won't work either).
Thought it might just be a syntax error, but none of the above have worked, nor does the syntax that works for me when on network.
I'm fairly sure it's not a port forwarding issues as I have a NAS (on same router, with port forwarding, and a static internal ip) that works from external - so I've just followed the same practices.

Image

This is what I used for access when on network - this works.

Code: Select all

ssh -X pi@192.168.1.10
When off network, I've been trying:

Code: Select all

ssh -X pi@externalip/dns 22
ssh pi@externalip/dns -p 22
ssh -p 22 pi@externalip/dns
All result in
ssh: connect to host externalip/dns port 22: Connection refused
I'm sure it'll be something simple i've overlooked...

Thanks for your help, in advance.

collymonster
Posts: 14
Joined: Wed Dec 17, 2014 1:54 pm

Re: How to access RPI over the net? Can't get it to work.

Thu Dec 18, 2014 9:11 am

All good - got it figured.

So first of all - the newer DLINK software - it's tough to find anything on the web re how-to's or support material on using the 'Port Forwarding' vs 'Virtual Server' - both are essentially for port forwarding, but server slightly different purposes.
Where Port forwarding is just a direct tunnel through a port to an internal ip, Virtual server is a redirected tunnel through an external port (or WAN) port, to an internal (or LAN) port, to an internal ip.

Turned out, I couldn't get a connection to my pi, externally, because my ISP was blocking the relevant ports (22 for my SSH Pi) and 80 (for my router - 80 has nothing to do with ssh/pi, it's just why I couldn't access my router login page from the internet). So, if you use Internode ISP, or your ISP does something similar, bear that in mind when/if you run into issues.

Changed my router port to a random number - access from the web using IP and DNS worked perfectly.

Used virtual server to forward a random external port to internal port 22 (and then to the pi static ip - my router allows me to reserve internal ports so it won't change)

Then use

Code: Select all

ssh -X -p PORT PIuserNAME@dnsORip
to access your pi from external network.

Once in - get the GUI up with

Code: Select all

/etc/X11/Xsession
- if you don't have X11 installed (I didn't as OSX Yosemite update removes it), get it here: http://xquartz.macosforge.org/landing/ - be sure to reboot your computer after install or it won't work and you'll go nuts trying to figure out why!

Return to “Troubleshooting”