remote connection

Remote shell to a Raspberry Pi at 39,000 ft

For a few weeks I've been beta testing remote shell, the latest addition to Raspberry Pi Connect. Just a couple hours ago I was on a flight home from the new Micro Center in Charlotte.

Pi Connect Remote Shell in airplane on laptop

One huge problem with VNC or remote desktop is how flaky it is if you have limited bandwidth or an unstable connection, like on an airplane.

It takes forever to start a screen sharing session, and the airplane's flaky WiFi usually causes the session to lock up, meaning you can't do much at all.

Remote terminal access, just relaying text commands, is the best solution for that problem. And sure, I have a VPN I could use with SSH to get to my Pi, but Raspberry Pi Connect just added support for remote shell access.

SSH and HTTP to a Raspberry Pi behind CG-NAT

For a project I'm working on, I'll have a Raspberry Pi sitting behind a 4G LTE modem:

Raspberry Pi 4 with 4G LTE modem and antenna on desk

This modem is on AT&T's network, but regardless of the provider, unless you're willing to pay hundreds or thousands of dollars a month for a SIM with a public IP address, the Internet connection will be running behind CG-NAT.

What this means is there's no publicly routable address for the Pi—you can't access it from the public Internet, since it's only visible inside the cell network's private network.

There are a few different ways people have traditionally dealt with accessing devices running through CG-NAT connections:

  1. Using a VPN
  2. Using a one-off tool like ngrok
  3. Using reverse tunnels, often via SSH

And after weighing the pros and cons, I decided to go with option 3, since—for my needs—I want to have two ports open back to the Raspberry Pi:

SSH in a Locked-Down Network

Recently, during one job for a client, I needed to work for a length of time in a location that had quite severe network restrictions—in addition to a proxy server, the location blocked every port besides 80, 25, 443, and 8080. In order to use secure shell (SSH) to login to my work web server, I needed to use one of those ports (I used nmap to find open ports on my end).

Luckily, I gained access to another network for a short time, and used that connection to update my work web server to allow SSH over port 8080 (in addition to the standard, port 22). I edited the /etc/ssh/sshd_config file so it reads:

Port 22
Port 8080

(the Port 22 line was commented out, originally).

Then I simply used the -p (port) directive when logging in via SSH:

$ ssh -p8080 [email protected]
Subscribe to remote connection