INTRODUCTION
This discussion is a continuation from here: superuser.com/questions/610383/remote-access-without-teamviewer-or-hamachi/610396?noredirect=1#comment755389_610396
I want to remotely and securely access my Raspberry Pi with SSH and VNC. Here's what I'm using:
- Router: Westell A90-750022-07 (portforward.com/english/routers/port_forwarding/Westell/A90-750022-07/Minecraft_Server.htm)
- Client: HP DV9000, Windows, Putty (for CLI), tigerVNC-viewer (for GUI)
- Server: Raspberry Pi, Arch Linux, tigerVNC-server, openSSH
Basically what I found out from the previous discussion (see the first link above) was that I don't need to use VPN software, like openVPN. They said I just need to forward ports.
MAIN PROBLEM
- I can set up port forwarding and verify with this: www.yougetsignal.com/tools/open-ports
BUT
- I can't remotely SSH to my server with putty
- I don't know how to securely connect using VNC and SSH together
========================================================================
MORE INFO - Router Settings
Here's my current setup (screenshots 6 & 7 from the second link above):
- Protocol: both
- Start Point: 65432
- End Port: 65432
- LAN Port: 22
- Direction: in
- Port Direction: dst
Last screenshot from the second link above:
- Inbound Only Selected
- Raspberry Pi selected as LAN device with its private IP
MORE INFO - Putty Settings
Note: If your client is an iPhone, you can use vSSH Lite instead of Putty.
- Destination: Public IP Address
- Port: 65432
- Protocol: SSH
See Update 1: I was getting errors here before because I was trying to remotely connect while being on the local network. That's why there's a bunch of comments about SSH and putty below.
MORE INFO - tigerVNC-viewer Settings
Note: If your client is an iPhone, you can use PocketCloud instead of tigerVNC-viewer.
- Not quite sure where to start on this. I'll be doing research on it though...
See Update 2
Update 1
I made a big mistake with putty: Apparently you can't SSH from a client on your home network to its public address. Thanks everybody for your feedback. I really appreciate the time you all put into helping me out. Sorry I made such a goofy mistake!
Edit: According to TheReddog's comment below, this might actually be possible with something called "IP Passthrough" but since I was able to successfully connect with putty, I didn't really look into it.
Now I just need to figure out how to do the same exact thing with a securely connected VNC client...
Update 2
I think I got tigerVNC-client to work securely. I followed these two guides:
- Use the vncserver in Linux to start a localhost-only VNC session - https://wiki.archlinux.org/index.php/Vncserver#Securing_VNC_Server_by_SSH_Tunnels
- Make a tunneled putty client connection. Then start a "local" VNC client session - http://www.maths.utas.edu.au/People/Hill/vncvnc-html
To summarize the findings in these two links: Basically the first link explains everything. According to the information under the heading "On the Server", do this:
vncserver -geometry 1440x900 -alwaysshared -dpi 96 -localhost :1
Then, under the heading "On the Client", the instructions explain how to connect VNC tunneled through SSH in linux.
- SSH command:
ssh IP_OF_TARGET_MACHINE -L 8900/localhost/5901
- VNC command:
vncviewer localhost:8900
The second link basically shows you how to do the client SSH command with putty and the client VNC command with a VNC viewer in Windows instead.
Can I get confirmation that this is secure?
Silly question, but is SSH enabled on your Raspberry Pi on port 22? In other words, can you connect on your intranet to it? – ernie – 2013-06-22T00:05:11.243
A good question @ernie. I can connect with putty from a Windows computer running putty via the local network, using a local address like 10.0.0.2:22. But I can't when I'm at my neighbor's house across town using putty with a public address like http://74.125.224:65432. Although I can access the network with my iPhone (as described under the Main Problem heading). – Rhyknowscerious – 2013-06-22T00:11:06.540
Sounds like it should work - things to check would be your router's firewall settings, or if you've enabled the forwarding multiple times, and it's pointing to the wrong intranet address. – ernie – 2013-06-22T00:16:43.560
@ernie Do you think putty is set up right? I just entered the public address and port number 65432 at the top and clicked go. Am I supposed to change the protocol at the top (RAW, Telnet, Rlogin, SSH, Serial)? Am I supposed to use the tunnel setting (Connections > SSH > Tunnels)? Am I supposed to use port 22 on my public address? – Rhyknowscerious – 2013-06-22T00:22:00.463
your putty sounds fine. some ISPs block ports in the uppermost ranges, when they are not part of an existing connection, so that may be part of it. try something less than 10000 like 7634. other than that, the issue is likely one of the following: router or server firewall, your NAT rule is malformed, or the service is denying the connection (see reddogg's answer). since the open port tool worked, I'm inclined to believe the last. – Frank Thomas – 2013-06-22T05:25:19.707
Hey everybody I just did some updates to the main post and just want to know if somebody can confirm the validity of my Update 2 proposed solution. – Rhyknowscerious – 2013-06-22T20:55:11.213
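Added example (not part of the original post or its comments): a check to run on the server that the -localhost option from Update 2 took effect, so the VNC port can only be reached through the SSH tunnel. The function names and the sample ss -tln output are constructed for illustration.

```sh
#!/bin/sh
# Added example: confirm VNC (TCP 5900-5999) listens on loopback only.

# Reads `ss -tln` output on stdin and prints every VNC listener bound to an
# address other than 127.0.0.0/8 or ::1, i.e. reachable without the SSH tunnel.
exposed_vnc_listeners() {
    awk '
        $1 != "LISTEN" { next }
        {
            # Split "addr:port" at the last colon so IPv6 literals survive.
            if (!match($4, /:[0-9]+$/)) next
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1) + 0
            if (port < 5900 || port > 5999) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print $4
        }'
}

# Constructed sample: server started with -localhost (display :1 -> port 5901).
sample_with_localhost() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      5      [::1]:5901         [::]:*
EOF
}

# Constructed sample: the same server started without -localhost.
sample_without_localhost() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5      [::]:5901          [::]:*
EOF
}

echo "with -localhost:    [$(sample_with_localhost | exposed_vnc_listeners | tr '\n' ' ')]"
echo "without -localhost: [$(sample_without_localhost | exposed_vnc_listeners | tr '\n' ' ')]"
```

On the server itself, pipe the real output of ss -tln into exposed_vnc_listeners; no output means the VNC display accepts connections from the local machine only, which is what the tunnel relies on.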