How to Access Raspberry Pi Remotely over the Internet using SSH, VNC, Remote Desktop

Author: Ganesh Velrajan

Last Updated: Fri, Sep 24, 2021

Raspberry Pi brings computational power in such a small form factor at a very low price while consuming less energy.

This makes Raspberry Pi an ideal compute device of choice to be placed in all sorts of dumb devices to make them smart.

Your IoT device or Raspberry Pi installed at your customer site soon becomes a sitting duck if not managed periodically over the lifetime of the device.

Unmanaged devices lead to customer churn and lost recurring revenue from your customers.

The biggest challenge for any IoT vendor is:
How to access and manage Raspberry Pi remotely over the internet to login, debug, reboot, reconfigure and update the software installed in it?

There are several ways to access Raspberry Pi remotely over the Internet but the most common ones are via SSH, VNC (Remote Desktop) and web service.

For this you need to make sure the SSH server and the VNC server are running in your Raspberry Pi.

Click on the main menu in your Raspberry Pi and choose Preferences > Raspberry Pi Configuration. Choose the Interfaces tab and set both SSH and VNC to Enabled.

Agenda:

In this article, we’ll discuss how to configure and setup Raspberry Pi for:

using SocketXP IoT Management Platform.

What is SocketXP

SocketXP IoT Management Platform is a cloud based secure remote access solution to access, manage and debug Linux devices such as Raspberry Pi, Orange Pi or an IoT device over the internet. SocketXP creates a secure SSL/TLS tunnel over the internet to your Raspberry Pi for secure remote access.

No configuration changes are required in your home or office router to make the SocketXP solution work.

It simply works out of the box.

Moreover, SocketXP is trusted by many enterprises around the world today for secure remote access to their IoT devices over the Internet.

How to setup Raspberry Pi for SSH Remote Access

In this section, we’ll discuss how to setup, configure and access Raspberry Pi remotely over the internet via SSH.

Get Secure Authentication Token

Sign up for free and get your authentication token from https://portal.socketxp.com

Auth Token

Next, click the IoT devices tab, in the portal page.

Copy the Single Touch Installation command from the IoT devices page by clicking the “copy” button on the right hand side, as shown below.

SocketXP IoT Remote SSH installation script

Paste the command into the Raspberry Pi command terminal.

This command will download a shell script that will download and install SocketXP IoT agent on your Raspberry Pi.

This command also has a unique authentication token just assigned for you for secure remote access.

Connect to Raspberry Pi remotely over the internet

Refresh the SocketXP Portal page by clicking the refresh button in the table there. You’ll see your Raspberry Pi device listed there.

Now you are ready to connect Raspberry Pi remotely over the Internet. Just click the terminal icon next to your device.

SocketXP IoT Remote SSH Raspberry Pi Remote SSH xterm access from browser

It will open up a new window for SSH access to your device.

SocketXP IoT Remote SSH Raspberry Pi Remote SSH xterm access from browser

Provide your Raspberry Pi login credentials there to access your Pi shell.

You’ll be logged into your device and put in a shell prompt.

Please read this Raspberry Pi Documentation “Securing Your Raspberry Pi” article for more information on keeping your device secure.

Remote access Raspberry Pi from Windows, MacOS, Linux

Using the SocketXP IoT Secure Remote Access solution discussed above, you could remote access Raspberry Pi from Windows 10, Mac OS, or Linux or Chrome OS, by simply opening up a web browser and login to https://portal.socketxp.com.

Click the IoT Device tab on the left hand side of the page. You’ll be taken to the IoT Devices page.

Now browse your Raspberry Pi devices listed in a table there and click the terminal icon next to the device to SSH into your Raspberry Pi device.

Alternatively, you could remote access Raspberry Pi from Windows, MacOS, Linux or other OSes using your own SSH client such as PuTTY or using the SSH command from your command prompt.

This method is explained in the next section.

Remote SSH into Raspberry Pi using your own SSH client

You could remote SSH into Raspberry Pi from Windows or Mac OS or Linux using your own SSH client such as OpenSSH client, PuTTY, Filezilla etc.

For this you need to download and install SocketXP IoT agent on your laptop running Windows 10 or Mac OS or Linux from the SocketXP Download page.

Next setup the SocketXP agent to run in IoT Slave Mode using the following command:

$ socketxp connect tcp://localhost:3000 --iot-slave --peer-device-id 223344-abcdef-34445  --peer-device-port 22

Listening for TCP connections at:
Local URL -> tcp://localhost:3000

Use the local TCP port (3000) to remote into Raspberry Pi from Windows or any OS using your own SSH client, as shown below:

$ ssh -i ~/.ssh/john-private.key [email protected] -p 3000

How to access Raspberry Pi Remote Desktop or VNC over the internet

Pre-requisites

To remotely access your Raspberry Pi desktop, we will be installing TightVNC Server on the Raspberry Pi.

We’ll also install the TightVNC Client on your Windows laptop/PC (from which you want to remote desktop into your Pi).

If you have already installed these TightVNC softwares, you can skip the below section and jump straight to the next section about installing SocketXP IoT Agent.

Installing TightVNC Server on Raspberry Pi for VNC access

For this tutorial we will assume that your Raspberry Pi doesn’t have a desktop environment installed.

We will install XFCE desktop environment, to have the actual desktop accessible on the Pi.

$ sudo apt install -y xfce4 xfce4-goodies 
Next, we will install tightvncserver to be able to access that desktop.

sudo apt install -y tightvncserver The next thing we’ll have to do is to set up an access password for VNC clients.

This is done on the first run of your VNC server. Simply run the command below:

$ vncserver

TightVNC Password Setup

You will be asked to provide two passwords.

One is an access password and the other is a view-only password.

The access password lets you connect to the desktop and interact with it using keyboard and mouse whereas the view-only password will only let a user observe your desktop.

The view-only password is optional so you can skip setting it up when asked by pressing the enter key on your keyboard.

Now that the password is set up we will configure a startup file for VNC.

First, we’ll have to shut down our currently running VNC server.

$ vncserver -kill :1
Then we’ll create a backup of current startup file, in case we’d like to revert back to it.

$ mv ~/.vnc/xstartup ~/.vnc/xstartup.bak

Finally, we’ll create a new startup file.

$ printf '#!/bin/bash\nxrdb $HOME/.Xresources\nstartxfce4 &\n' > ~/.vnc/xstartup
$ sudo chmod +x ~/.vnc/xstartup
This will create the following file:

#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &

The first line xrdb $HOME/.Xresources tells the VNC’s GUI framework to read the server user’s Xresource file.

The second line starts the Xfce in background.

Now, re-start the VNC server using the command below.

$ vncserver

Now we’re ready to access our Raspberry Pi desktop from the Windows PC.

SocketXP IoT Agent installation

Install a simple, secure and lightweight SocketXP IoT Agent on your IoT device (or Rasperry Pi). The SocketXP agent will securely connect to the SocketXP IoT Cloud Gateway via an SSL/TLS tunnel.

We need to setup SocketXP Agent to run in two different places:

  • Raspberry Pi - in IoT Master Mode (Default Mode)
  • Laptop or PC - in IoT Slave Mode

Follow the instructions below to install SocketXP IoT Agent on your IoT or Raspberry Pi device. Also follow the same instructions to install SocketXP IoT Agent on your access device (such as your laptop, or PC).

Step 1: Download and Install

Download and install SocketXP IoT agent on your IoT or Raspberry Pi device.

Step 2: Get your Authentication Token

Sign up at https://portal.socketxp.com and get your authentication token.

Auth Token

Copy and paste the above command to login to the SocketXP IoT Cloud Gateway using the auth token.

$ socketxp login "eyJhbGciOiJIUzI1NiIsInR5cCI..."

Step 3: Setup SocketXP Agent on your IoT or Raspberry Pi Device

To make SocketXP agent to run in IoT Master Mode (which is the default mode of SocketXP agent) use the below command, as you would normally do.

$ socketxp  connect tcp://localhost:5901
Connected to SocketXP Cloud Gateway.
Access the TCP service securely using the SocketXP agent in IoT Slave Mode.
where localhost port 5901 is the VNC server port, on which tightvncserver is listening for connections from a VNC viewer.

Note: SocketXP does not create any public TCP tunnel endpoints that can be connected and accessed by anyone on the internet using an SSH client. SocketXP TCP tunnel endpoints are not exposed to the internet and can be accessed only using the SocketXP agent (using the auth token of the user) or through the XTERM terminal in the SocketXP Portal page.

Step 4: Setup SocketXP Agent on your Windows or Mac

Next, to access the Raspberry Pi device from your Laptop/PC, setup SocketXP IoT Agent for Windows (or MacOS) to run in the IoT Slave Mode as shown below:

$ ./socketxp.exe connect tcp://localhost:10111 --iot-slave --peer-device-id "223344-abcdef-34445" --peer-device-port 5901
Listening for TCP connections at:
Local URL -> tcp://localhost:10111  
where 10111 is a local port on your PC at which you want to access the Raspberry Pi. You can choose to use any free local port instead of port 10111. You shall find the Device ID of the device from the SocketXP Portal page in the IoT Devices section.

Why this is important?
SocketXP IoT Agent when run in IoT Slave Mode acts like a localproxy server. It proxies all connections to a user-specified local port (10111 in the example above) in your laptop/PC to the SocketXP IoT Cloud Gateway using a secure SSL/TLS tunnel. Also the SocketXP IoT Agent authenticates itself with the SocketXP IoT Cloud Gateway using your auth token. This ensures that only legitimate, authenticated users are permitted to access your remote IoT devices. SocketXP ensures Zero-Trust security on all connected devices.

Note: IoT Free, Basic and Business Plans support creating remote TCP connections to SSH server running on port 22 only. Services running on all other ports such as VNC, RDP, and Web Service cannot be accessed. An upgrade to IoT Enterprise Plan is required to access services running on all other ports.

Connect from Windows Laptop/PC

TightVNC Viewer (client software) installation

Install TightVNC Viewer on your Windows PC from the TightVNC website.

Launch TightVNC Viewer and it will bring you straight to the login window. Fill it out with the following details:

  • Remote Host: localhost:10111.
Raspberry Pi Remote Desktop VNC Access Over the Internet using TightVNC

When done click on “Connect”. This will bring you to the authentication window.

Raspberry Pi Remote Desktop VNC Access Over the Internet using TightVNC

This is where you provide your TightVNC access password that you’ve set up in the first section of this article. When you click OK, you will see the desktop of your Raspberry Pi.

Raspberry Pi Remote Desktop VNC Access Over the Internet using TightVNC

Please keep in mind that there’s a lot of data being transferred in between your Raspberry Pi and your PC in order to provide live desktop experience, so the quality and response time might not be exactly as on a local desktop.

How to Remote Access Raspberry Pi Webservice or Webapp over Internet

Let’s assume you have a nodejs webserver application(as shown below), running in your Raspberry Pi device. Let’s also assume that the nodejs webserver app listens on localhost port 3000.

$ cat myapp.js
var http = require('http');
//create a server object:
http.createServer(function (req, res) {
 res.writeHead(200, {'Content-Type': 'text/html'});
 res.write("<h2>Hello World!</h2>"); //write a response to the client
 res.end(); //end the response
}).listen(3000); //the server object listens on port 3000
$

We’ll use the above web app to explain how to remote access Raspberry Pi webserver from the internet.

Now run the myapp.js on your Raspberry Pi, as shown below.

$ node myapp.js

Open up a browser in your Raspberry Pi and point to http://localhost:3000 to connect to the local web application.

remote-access-localhost-nodejs-app

Right now the web application can be accessed only by you because it runs on your Raspberry Pi connected to your local network.

Now to remote access your nodejs webserver application from the internet, follow the instructions below to create a SocketXP HTTPS tunnel and a SocketXP Public Web URL for your nodejs webserver app.

Step 1: Download and Install

Download and install SocketXP IoT agent on your IoT or Raspberry Pi device.

Step 2: Get your Authentication Token

Sign up at https://portal.socketxp.com and get your authentication token.

remote-access-localhost-nodejs-app

Click the copy button to copy the command string and paste in the terminal window in your laptop or server.

$ socketxp login "eyJhbGciOiJIUzI1NiIsInR5cCI..."

After registering the SocketXP Client with the SocketXP Cloud Service, use the following command to create a secure HTTP proxy tunnel between the nodejs webserver application and the SocketXP Cloud Gateway.

$socketxp connect http://localhost:3000
Public URL -> https://test-user-59129dd68b58.socketxp.com

Let’s access the nodejs webserver application from the internet using the SocketXP Public URL provided in the above output.

remote-access-localhost-nodejs-app

You could now share the above link to your customers or remote employees, so that they could remote access your webserver application from anywhere in the world. 

The above SocketXP public URL is a permanent link just assigned to your webserver app and it doesn’t change until you manually delete it from the tunnels section in the SocketXP Cloud Gateway Portal page.

How to send commands to Raspberry Pi over the internet

If you do not want to access Raspberry Pi remotely via SSH, you could simply use the SocketXP Remote Command or Remote Job Execution feature to send commands to Raspberry Pi over the internet.

In this section, we’ll discuss how to configure and setup Raspberry Pi so that you could send command to Raspberry Pi over the internet

Overall Strategy:

We’ll install a simple, secure and lightweight SocketXP agent to run in your Raspberry Pi or IoT device.

The agent would connect your Raspberry Pi privately and securely using an SSL/TLS tunnel to our SocketXP Cloud API Gateway.

You could then access the Cloud API Gateway using a secure authentication token assigned exclusively for you.

You could then simply submit jobs to execute in your remote Raspberry Pi via our REST APIs.

Let’s get started.

Step #1: Install and Setup SocketXP Agent

Follow the instructions here to download, install and setup SocketXP agent on your Raspberry Pi.

Note: You don’t have to run an SSH server (port 22) to run this agent. You could even point the agent to connect to some local unused port such as 52233.

Step #2: Send a Remote Command

Here is our complete list of APIs to execute remote command or jobs on your Raspberry Pi.

First, let’s submit a remote job to run using the following curl command. You could use the Postman tool to perform the same request.

curl https://api.socketxp.com/v1/job \
  -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer [your-auth-token-goes-here]" \
  -d '{“JobName”: “test-job-123”, “DeviceId”: "device-12345”, “Command”: “ls -l /home/test-user | grep script” }'

The response to this POST API call, on success (200 OK), would look something like this.

{“JobId”: ”9b4461f7–5c0a-419c-8157-e57c879f4ade”}

Now you could retrieve the status or the result of the job using the above JobId, as shown below.

curl https://api.socketxp.com/v1/job/9b4461f7–5c0a-419c-8157-e57c879f4ade \
  -X GET \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer [your-auth-token-goes-here]"

And the response to the curl request would look like this:

{
“JobId”:”9b4461f7–5c0a-419c-8157-e57c879f4ade,
”JobName”:”test-job-123",
”DeviceId”:”device-12345,
”Command”:”ls -l /home/test-user | grep script”,
”StartTime”:”Feb 22 2021 07:48”,
”EndTime”:”Feb 22 2021 07:49”,
”Result”:”-rwxrwxrwx 1 test-user test-user     0 Feb 20 05:47 script”
}

The result field will have the execution result (output/errors) of the remote command executed.

More Sample Commands

Here are the additional sample remote commands you could execute on a remote server, Raspberry Pi or IoT device using SocketXP REST API’s.

  • “sh /home/john/script.sh”
  • “python /home/john/check_temperature.py”
  • “reboot”
  • “service sshd restart”
  • “echo ‘This is the content of the file.’ > /home/test-user/config”

Advantanges:

The following are the advantages of using SocketXP REST APIs to send command to Raspberry Pi over the internet:

  • secure access to your devices via REST API (using JWT token and HTTPS/TLS connection) to the API Gateway
  • ability to automate the API’s using a python or shell script.
  • execute remote commands without having to manually login to the SSH server.
  • ability to schedule a job to be run on a cluster of servers or nodes or devices.