INTRODUCTION
This discussion is a continuation from here: superuser.com/questions/610383/remote-access-without-teamviewer-or-hamachi/610396?noredirect=1#comment755389_610396
I want to remotely and securely access my Raspberry Pi with SSH and VNC. Here's what I'm using:
- Router: Westell A90-750022-07 (portforward.com/english/routers/port_forwarding/Westell/A90-750022-07/Minecraft_Server.htm)
- Client: HP DV9000, Windows, Putty (for CLI), tigerVNC-viewer (for GUI)
- Server: Raspberry Pi, Arch Linux, tigerVNC-server, openSSH
Basically what I found out from the previous discussion (see the first link above) was that I don't need to use VPN software, like openVPN. They said I just need to forward ports.
MAIN PROBLEM
- I can set up port forwarding and verify with this: www.yougetsignal.com/tools/open-ports
BUT
- I can't remotely SSH to my server with putty
- I don't know how to securely connect using VNC and SSH together
========================================================================
MORE INFO – Router Settings
Here's my current setup (screenshots 6 & 7 from the second link above):
- Protocol: both
- Start Point: 65432
- End Port: 65432
- LAN Port: 22
- Direction: in
- Port Direction: dst
Last screenshot from the second link above:
- Inbound Only Selected
- Raspberry Pi selected as LAN device with its private IP
MORE INFO – Putty Settings
Note: If your client is an iPhone, you can use vSSH Lite instead of Putty.
- Destination: Public IP Address
- Port: 65432
- Protocol: SSH
See Update 1: I was getting errors here before because I was trying to remotely connect while being on the local network. That's why there's a bunch of comments about SSH and putty below.
MORE INFO – tigerVNC-viewer Settings
Note: If your client is an iPhone, you can use PocketCloud instead of tigerVNC-viewer.
- Not quite sure where to start on this. I'll be doing research on it though…
See Update 2
Update 1
I made a big mistake with putty: Apparently you can't SSH from a client on your home network to its public address. Thanks everybody for your feedback. I really appreciate the time you all put into helping me out. Sorry I made such a goofy mistake!
Edit: According to TheReddog's comment below, this might actually be possible with something called "IP Passthrough" but since I was able to successfully connect with putty, I didn't really look into it.
Now I just need to figure out how to do the same exact thing with a securely connected VNC client…
Update 2
I think I got tigerVNC-client to work securely. I followed these two guides:
- Use the vncserver in Linux to start localhost only VNC session – https://wiki.archlinux.org/index.php/Vncserver#Securing_VNC_Server_by_SSH_Tunnels
- Make a tunneled putty client connection. Then start a "local" VNC client session – http://www.maths.utas.edu.au/People/Hill/vncvnc-html
To summarize the findings in these two links: Basically the first link explains everything. According to the information under the heading "On the Server", do this:
vncserver -geometry 1440x900 -alwaysshared -dpi 96 -localhost :1
Then, under the heading "On the Client", the instructions explain how to connect VNC tunneled through SSH in Linux.
- SSH command:
ssh IP_OF_TARGET_MACHINE -L 8900/localhost/5901
- VNC command:
vncviewer localhost:8900
The second link basically shows you how to do the client SSH command with putty and the client VNC command with a VNC viewer in Windows instead.
Can I get confirmation that this is secure?
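One way to check the setup from Update 2 on the server, as an added example that is not part of the original post: with the router forwarding only 65432 to port 22, VNC stays inside the SSH tunnel as long as the vncserver started with -localhost listens on loopback only. The function names and the sample `ss -ltn` output below are constructed for illustration; on the Pi you would run `ss -ltn | vnc_exposed_listeners`.

```shell
#!/bin/sh
# Added example: confirm that VNC is reachable only through the SSH tunnel.
# Input is `ss -ltn` output from the server (function names are hypothetical).

# Print every listening socket in the VNC display range (5900-5999, i.e.
# display :N -> port 5900+N) that is NOT bound to a loopback address.
vnc_exposed_listeners() {
    awk '
        $1 == "LISTEN" {
            sock = $4                              # "Local Address:Port" column
            pos = match(sock, /:[0-9]+$/)          # position of the final ":port"
            if (pos == 0) next
            port = substr(sock, pos + 1) + 0
            addr = substr(sock, 1, pos - 1)
            if (port < 5900 || port > 5999) next   # not a VNC display port
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
            print sock
        }'
}

# Exit status 0 when no VNC listener is exposed, 1 otherwise.
vnc_loopback_only() {
    [ -z "$(vnc_exposed_listeners)" ]
}

# Constructed sample: display :1 started with -localhost ...
sample_good() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      5          127.0.0.1:5901      0.0.0.0:*
LISTEN 0      5              [::1]:5901         [::]:*
EOF
}
# ... and a second display :2 started without -localhost.
sample_bad() {
    sample_good
    cat <<'EOF'
LISTEN 0      5            0.0.0.0:5902      0.0.0.0:*
LISTEN 0      5               [::]:5902         [::]:*
EOF
}

if sample_bad | vnc_loopback_only; then
    echo "VNC is loopback-only"
else
    echo "VNC listener exposed outside the tunnel:"
    sample_bad | vnc_exposed_listeners
fi
```

A clean result here only covers the server side; the router's forwarding table should still list port 22 as the only LAN port.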
Best Answer
On the Raspberry Pi server, do you have the public IP configured as a listener? OpenSSH by default will only accept connections destined for the IP specified on the NIC.
Check out the 6th option on this page for how to add it. http://www.thegeekstuff.com/2011/05/openssh-options/