remote access

For a recent project, I needed to install LibreELEC/Kodi on a Raspberry Pi Compute Module 4 with built-in eMMC storage.

Because it's inconvenient to be swapping the Pi around from the embedded display I was using it in to my preferred carrier board I use for flashing Pis and interacting with their filesystems, I wanted to manage my LibreELEC install over SSH.

It seems like whatever documentation the LibreELEC Wiki used to have for remote SSH access is missing, and all I could find were references to enabling SSH during a GUI setup wizard. If you didn't see that during initial setup, the easiest way is to add ssh to the end of the line in the system's cmdline.txt file, then reboot.

So I pulled the Pi, used usbboot to mount the fat32 volume on my Mac, and opened cmdline.txt and added ssh. Then I popped the Pi back in the embedded display, and started it up.

Sure enough, I could now SSH in:

For a project I'm working on, I'll have a Raspberry Pi sitting behind a 4G LTE modem:

This modem is on AT&T's network, but regardless of the provider, unless you're willing to pay hundreds or thousands of dollars a month for a SIM with a public IP address, the Internet connection will be running behind CG-NAT.

What this means is there's no publicly routable address for the Pi—you can't access it from the public Internet, since it's only visible inside the cell network's private network.

There are a few different ways people have traditionally dealt with accessing devices running through CG-NAT connections:

1. Using a VPN
2. Using a one-off tool like ngrok
3. Using reverse tunnels, often via SSH

And after weighing the pros and cons, I decided to go with option 3, since—for my needs—I want to have two ports open back to the Raspberry Pi:

In a strange coincidence, the authors of TinyPilot and Pi-KVM both emailed me within a week of each other and asked if I'd be interested in one of their KVM devices.

Michael Lynch, founder of Tiny Pilot, said he'd used some of my Ansible work in building the TinyPilot update system, and Maxim Devaev, of Pi-KVM, liked my Pi open source content, and wanted to see what I thought of the new v3 kit that's currently on Kickstarter.

I took them both up on the offer, and dug into both devices.

Both have HDMI and USB inputs, so you can plug them into any Mac or PC and get full control, up to and including BIOS/UEFI settings, remote desktop management (with no software on the managed computer), and mounting of USB ISO images for re-installing an OS or maintaining a system.

[UPDATED: The developer of iSSH emailed me this morning with a couple of tidbits that will be useful for any early iSSH adopters on the iPad - see my updated notes in bold.]

One app I haven't had a lot of time to work with (yet) is iSSH on the iPad. I tried the iPhone version, but the tiny iPhone screen simply couldn't keep up with a productive SSH or VNC session.

The iPad changes the game, though; I can actually log in via SSH, do some real work, then go back to doing whatever I was doing on the iPad. Since the iSSH developers didn't have a ton of time to work on an actual iPad, there are some pretty annoying bugs right now—but these bugs will be fixed soon. Some of the bugs: