Accessing my Pi When I’m on the Go
I travel a good bit (or at least used to). I’d like to be able to admin my home network wherever I am. This is a little tough because I don’t have a static IP address at my apartment. At any point the external address of my router relative to the internet could change.
One option available to me is to use something like DYN DNS. DYN DNS allows your network to dynamically configure its DNS address. The issue is that Dyn DNS is $55 a year, which is like a ¼ of a Pinebook.
Cryptography to the Rescue
One approach to providing a way to route to my server without having a static IP is to use one of the volunteer-run cryptographic overlay networks.
Here are two,
When exposing a server to inbound connections via something like Tor, all connections from your server are outgoing to the Tor network. This means that you can make a server routable on any network that can reach the Tor network.
Overlay networks like I2P and Tor use cryptographic signatures to route within the network. Addresses look like http://bbcnewsv2vjtpsuy.onion. Addresses look weird because they're the public keys (or just the hash in the case of the old ones) of the servers. Since routing is done cryptographically, you don't need something like a lease on the limited IPv4 address space.
On my Pi (I've named it io after Jupiter's moon) I can expose the ssh server via Tor by using the following configuration. We tell the Tor process to forward incoming connections on port 22 to port 22 on the loopback (localhost).
After installing tor (apt install tor), I added this to my
HiddenServicePort 22 127.0.0.1:22
Connecting my Laptop to Tor
There's a special version of Firefox that ships configured with all the necessary software to connect to the Tor network. When you run the Tor browser, it also runs a SOCKS5 proxy on port 9150 that any other software can use.
On my laptop I can tell ssh to proxy commands through the SOCKS5 proxy by editing my ~/.ssh/config like so
ProxyCommand nc -X 5 -x localhost:9150 %h %p
Note: I found out the hard way, currently only the BSD edition of netcat supports SOCKS5, and the GNU version does not.
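For a laptop that only has GNU netcat, here is an added example (not code from the original post) of a Python stand-in for the nc ProxyCommand: it performs the same SOCKS5 handshake with the Tor browser's proxy on port 9150, then relays ssh's stdin and stdout. The function names are assumptions made for this sketch; the request uses address type 0x03 so the .onion name is handed to Tor instead of being looked up through local DNS.

```python
# Added example (not from the post): stand-in for `nc -X 5 -x localhost:9150 %h %p`.
import os
import selectors
import socket
import sys

def socks5_connect_request(host, port):
    # ATYP 0x03 carries the name itself, so Tor resolves it, not local DNS.
    name = host.encode("ascii")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + port.to_bytes(2, "big")

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_handshake(sock, host, port):
    sock.sendall(b"\x05\x01\x00")  # version 5, one method offered: no auth
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept no-auth SOCKS5")
    sock.sendall(socks5_connect_request(host, port))
    ver, rep, _, atyp = recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
    # Drain BND.ADDR (IPv4, IPv6, or length-prefixed name) and BND.PORT.
    addr_len = {1: 4, 4: 16}.get(atyp) or recv_exact(sock, 1)[0]
    recv_exact(sock, addr_len + 2)

def relay(sock):
    sel = selectors.DefaultSelector()
    sel.register(sock, selectors.EVENT_READ, (sock.recv, lambda d: os.write(1, d)))
    sel.register(0, selectors.EVENT_READ, (lambda n: os.read(0, n), sock.sendall))
    while True:
        for key, _ in sel.select():
            read, write = key.data
            data = read(65536)
            if not data:
                return  # ssh or the proxy closed its side
            write(data)

if __name__ == "__main__":
    with socket.create_connection(("127.0.0.1", 9150)) as s:
        socks5_handshake(s, sys.argv[1], int(sys.argv[2]))
        relay(s)
```

Saved under a name of your choosing (socks5-proxy.py is a hypothetical one), it takes the place of nc in the config line: ProxyCommand python3 /path/to/socks5-proxy.py %h %p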
Most commands that deal with connecting to a server read the ~/.ssh/config file. So scp works out of the box.
One of my big use cases is being able to fix our router for my roommates when I'm on the go. Now that we have a way to do ssh connections over Tor, we can use ssh to tunnel to other places behind my firewall.
ssh -N -L 127.0.0.1:4000:192.168.1.64:80 io
This will forward all connections to port 4000 on your local machine through Io to port 80 on 192.168.1.64 (relative to Io). This means I can use Chrome to access my router anywhere I go.