How to access a Raspberry Pi anywhere with reverse ssh and Google Cloud Platform
Continuing on with our Raspberry Pi tutorials, we now need to be able to access our Raspberry Pi when it’s on a different network. For this, we need a Linux server with a public IP address, and it so happens that Google offers that to us with GCP.
So first, we’ll need a project set up in GCP along with a compute instance. Usually I just choose Ubuntu with a f1-micro and 30 GB for the hard drive.
This will allow you to use the free tier so as not to incur costs. You will also have to make sure you have a port open for ssh. I have gone into detail on how to set up GCP in this story here, so please take a look at it if you are not familiar with GCP yet, but the two basic things you need in the project (a Compute Engine and the port open in the firewall), I’ve indicated below.
So, presupposing that we have all that ready to go, back in our Raspberry Pi, we need to get our ssh keys, and then copy the public key into the GCP in the compute instance. When it creates the ssh keys, it will ask for things like a password and where to save it, etc. (there are about three questions), but just click on enter without putting anything until it finally presents you with the public key. Copy everything that comes out as a result.
ssh-keygen -t rsa && cat ~/.ssh/id_rsa.pub
If you haven't gotten your Raspberry Pi up and running yet, just look at my story here to have it set up in no time.
Now, we’ll go back into the GCP project, then into the Compute Engine, and then we’ll click on the name of our VM instance. Then, at the top, we’ll click on the blue “EDIT” button, and then finally we’ll go down to SSH keys. There, it will say “You have 0 SSH keys”, and under that, we’ll click on “Show and edit”.
There, we’ll paste the public ssh key we copied from the Raspberry Pi before. Now, here we need to change one small thing before saving that. At the end of the ssh key, it has an “=” sign, then a space, and then the user from the Raspberry Pi. We need to delete this and put the admin user of the GCP. So, if it ended like “…= ubuntu@ubuntu” we’ll change it to “…= emailuser”. In this case we are not putting the “@gmail.com” or “@domain.com” at the end of the user, just the username of the email (the user in charge of the GCP project in this case).
After we save that, we’ll go back to the Raspberry Pi to set the rest up.
First, In the Raspberry Pi terminal, we should ssh into the GCP to accept the ssh keys from there. So just put ssh email@PUBLICIP of the GCP compute engine and type yes after entering. After entering, just type exit to get out.
Then, let’s type the following:
vim tunnel.sh . The file can be named anything you want. Then, in the file, we’ll put the following:
/usr/bin/ssh -N -R 60000:localhost:22 emailuser@EXTERNALIP
if [[ $? -eq 0 ]]; then
echo Tunnel to jumpbox created successfully
echo Error creating a tunnel to jumpbox. RC was $?
} /bin/pidof ssh
if [[ $? -ne 0 ]]; then
echo Creating new tunnel connection
Remember, the “emailuser” is the first part of the email that has admin rights over the GCP project, and the “EXTERNALIP” is the IP address the Compute Engine gives you. The “60000” is the port you have open for connecting by ssh.
I have the external IP hidden for security reasons, but where the red arrow is pointing, under “External IP”, you’ll find an IP address that you can copy for the code above.
When you have saved the code above (in Vim, typing “:x” — if you are new to Vim, see my story here to know the basics), we will then make it executable:
chmod 700 ~/tunnel.sh
Then, we need to use cron to make sure that Ubuntu activates this about every minute so as to have constant access each time the Raspberry Pi is booted up.
Let’s edit the crontab with
crontab -e , then, we’ll put the following at the very end of the file:
*/1 * * * * ~/tunnel.sh > tunnel.log 2>&1
Keep in mind that the “tunnel.log” is not related to the file name. Indifferent to what the .sh file is named, it will still be “tunnel.log” after the carrot.
After saving that (:x again). The Raspberry Pi is ready to be used with reverse ssh.
Going back to our VM instance under the Compute Engine, we’ll now ssh into the VM instance (green arrow in the photo above).
Finally, we’ll type
ssh -p 60000 ubuntu@localhost (presupposing that the user in the Raspberry Pi is still ubuntu), and with that, we have now entered into our Raspberry Pi by reverse ssh and can use it anywhere we like.
If you would like to see a video tutorial on this, you can check it out here. Cheers.