Raspberry Pi remote access can be tricky. On the one hand you want to monitor your project while away from your network, but on the other hand you don’t want other people to find it easy to do the same. Hackers, for example.
By far the most popular question I got after I shared my Octopi tutorial was about how to gain remote access, from work or school.
What can you do? How can you make it easy for you, but difficult for bad guys?
There are three options that I have employed (even on the Pi Zero W!), each have pros and cons. Let’s take a look so you can choose the approach that will work best for you …
Basic Raspberry Pi Security – Start Here
One thing to get straight right up front is I am not an IT security expert! If in doubt, get advice from an actual security advisor. Someone like SwiftOnSecurity, I don’t know, just not me. ¯\_(ツ)_/¯
Change your default password
It’s crazy how many people leave their Raspberry Pi with the default password of raspberry. Just don’t.
You don’t need to change the Root password, it’s usually disabled by default, just the Pi user’s password. Log in as Pi then enter the command
It will ask you for your existing password then the new one twice, and boom, password changed!
Install a firewall
Next we can restrict what people are allowed to access from outside the Pi with a firewall.
This will download and install one called Uncomplicated Firewall.
sudo apt-get install ufw
Then you can make the default to deny all connections
ufw default deny incoming
Of course you will want to be able to SSH login from within your own network, for example:
sudo ufw allow from 10.0.0.0/24 to any port 22 proto tcp
For the sake of this tutorial you probably want to enable web access from the wider internet:
sudo ufw allow from any to any port 80 proto tcp
As you can see, there is a pattern of allow/disallow from ____ to ____, so you can also enable SSL connections with port 443, you might have a proxy on 8080, and so on.
Obvious, nuclear option
Of course the most seemingly obvious option is the most overlooked – if you are not using it shut it down!
My Octopi boxes are plugged into power strips that power the individual printers, and my Kodi boxes are plugged into the USB of the TVs they run off, turn the TV/power off and the Raspberry Pi box is also turned off. Of course that’s bad for the SD card, but I have backups, and no important files are kept on them, so no biggie.
Now, on to the good stuff 🙂
Before we get to actual remote access, let’s start with making the data accessible, rather than the computer …
Limited Raspberry Pi “Remote Access” to Data
If security is paramount, the most paranoid option is to not allow actual remote access at all, but instead have the Raspberry Pi reach out or sync.
Octopi Remote Access – Octoprint Telegram Plugin
For Octopi users, that usually starts with a plugin. One of the nicer Octoprint plugins for these purposes works with the Telegram chat system. It keeps you updated about print progress, and more.
You can find out about the plugin here, and install it right within Octoprint from the settings, plugins page.
You might have simpler needs, however. For old school notifications, I’m a big fan of Mailgun for sending email (you get a whole bunch of emails with a free account, and it has excellent deliverability).
Raspberry Pi Mailgun Python Script:
For files, Dropbox is the way to go (especially as files are then accessible via phone/tablet, and you can hook up automation with IFTTT.com): git clone the repo. Get your API keys. Use the script (./dropbox_uploader.sh) to upload files. Boom.
Raspberry Pi Dropbox Webcam Shell Script:
I have more in depth examples and instructions of both the email and Dropbox/Webcam here at my Github repo.
If you have data you wish to push out, there are a lot of REST API options that don’t require you to host a database, and therefore you don’t have the risk of having to open it up to the outside world. One of the most simple to get working is https://data.sparkfun.com/:
Raspberry Pi Phant/Data.Sparkfun Data Submission:
Here’s an example based on their Python docs:
Remote Desktop, Tunneling and Cloud Raspberry Pi Remote Access Services
Raspberry Pi users have created quite a lot of demand for services that make remote access easier and (hopefully) safer, plus, of course, there is a business demand for such solutions too.
Remote Desktop to Raspberry Pi from External Computers, Tablet or Phone, with VNC
One of the most famous remote access solutions is VNC, and they have an encrypted “cloud” authentication and connection option. Get a free VNC account here and the official viewer for your OS here. Of course, there will be folks who debate just how secure this is, but seems pretty robust at least compared to the other options we are looking at, so take a look.
VNC is a remote desktop tool, so if you are on a “lite” version of your Raspberry Pi OS, such as Raspbian Jesse Lite, you will need to install desktop, or probably easier, switch to the full image. Fortunately for me, on Octopi it’s as easy as:
(Make sure you have enough spare capacity on your SD card!)
Set up VNC on your Raspberry Pi using Rasp-Config, in the ‘Interfacing’ menu option.
You probably also will want a web browser on there, I like Epiphany (make sure you type exactly, there is a game called Epiphany you will download otherwise):
sudo apt-get install epiphany-browser
Once you have VNC and a web browser, of course, you can load Octoprint via localhost 🙂
Remote Control and Web Access on Your Raspberry Pi with PageKite
If you want anyone to access your Raspberry Pi, but don’t want to open up your network, there are a few options where you can have a proxy or relay service in the middle. It’s not totally unlike the first examples where the data was sent by the Pi rather than pulled by the client, in that the user doesn’t see your actual pi, but for the user it just looks like a public web server (or whatever).
PageKite makes it really easy, and offers a free month and data to try it out. You get a SOMETHING.pagekite.me URL, and all the traffic is passed back and forth to your pi through that.
Afterwards you can run it on demand, for example to make your web server (or Octopi!) available, you would set up port 80:
pagekite.py 80 YOURKITE.pagekite.me
Ta-da! You are now on the web, say cheese! 🙂
Providing Your Raspberry Pi External Network Access with Port Forwarding
Probably the most risky, but also the most common, way people provide external/remote access to their Raspberry Pi is “port-forwarding”. This is where the router is told to forward requests for, say, port 80, and direct them to a certain computer on the network.
One of the reasons this is a popular option is the high performance, but also depending on your router it might be real convenient too.
On an Apple Airport it looks like this:
As with anything, there are multiple ways to achieve a result, and each have their pluses and minuses, be it security, difficulty, capability, or performance! Pick the option that works best for you, and please share your experiences in the Facebook Group 🙂