I have a Raspberry Pi installed at my parents' home and need to control things remotely, so that I can easily fix any problem they report. The problem I faced is that all the devices are in a private network behind NAT, and the ISP provides neither a public IP nor access to the router to configure it. So I needed a way to access my devices inside the private network.
I connected my RPi via LAN so that it reaches the router directly and needs no WiFi reconfiguration if the WiFi password changes. Now that the Raspberry Pi is running, I open it via SSH to configure remote access.
After a successful login, I install a piece of software called tor. The apt package index may be out of date, so update it and install tor using the following commands.
    sudo apt-get update
    sudo apt-get upgrade
    sudo apt-get install tor
The 2nd line (upgrade) may not be necessary, but keeping packages up to date is a good thing. Now that tor is installed, we have access to a different part of the internet, and this is what we are going to use. Next we configure tor to open up a hidden service by editing its configuration file, torrc, with the following command:
    sudo nano /etc/tor/torrc
We then search for lines that look like this:
    #HiddenServiceDir /var/lib/tor/hidden_service/
    #HiddenServicePort 80 127.0.0.1:80
    #HiddenServiceDir /var/lib/tor/other_hidden_service/
    #HiddenServicePort 80 127.0.0.1:80
    #HiddenServicePort 22 127.0.0.1:22
These lines are currently commented out and need to be enabled, with a few changes, as follows:
    HiddenServiceDir /var/lib/tor/hidden_service/
    #HiddenServicePort 80 127.0.0.1:80
    #HiddenServiceDir /var/lib/tor/other_hidden_service/
    #HiddenServicePort 80 127.0.0.1:80
    HiddenServicePort 8022 127.0.0.1:22
Line 1 names a folder that needs further configuration; we will come to that in a while. The last line forwards port 8022 of the hidden service to local port 22. It can be configured to any port you like. Other services, such as web hosting or telnet, can be enabled the same way, and the forward target can also be a port on another local or remote device.
Now we generate the hidden service's onion address. Here is a sample I generated with eschalot (it needs compilation; any other application can be used instead) using the following command:
    ./eschalot -p "hi"

    hi2vqr2we6jsvwn6.onion
The sample also comes with a private key for the above address.
Please do not use the above host and key, as it may not be safe to host the same app from different tor nodes.
There is no folder called hidden_service yet, so we need to create one with 2 files in it. The folder belongs to a different user, so we work as root and then change the owner and permissions of the folder and files.
    sudo su
    cd /var/lib/tor/
    mkdir hidden_service
    cd hidden_service
    echo "hi2vqr2we6jsvwn6.onion" > hostname
    nano private_key
On line 6, you need to paste the private key generated above. Press Ctrl+X, answer Yes and save. The next task is to set permissions on the hidden_service folder, from the same folder and still as the root user.
    chown -R debian-tor:debian-tor .
    chmod -R u=rwX,go= .    # owner-only: the private key must not be readable by other users

This gives the folder and its files to the debian-tor user and makes them accessible to that user only. If the other files under /var/lib/tor/ belong to a different user, use that user instead. Finally, we restart the tor service. Make sure you exit from root mode first, as it is not safe to use root too much without knowing what you are doing.
    sudo service tor restart
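The service folder holds the onion private key, so it should be reachable only by the tor user. The following check is an added example, not part of the original post: it reads the active HiddenServiceDir entries from a torrc and reports anything that group or other can access or that has the wrong owner. The function names and the demo files are made up for this example, and paths are assumed to contain no spaces.

```shell
# Added example, not from the original post; function names are hypothetical.

# Print each active (uncommented) HiddenServiceDir path in a torrc file.
hs_dirs() {
    awk 'tolower($1) == "hiddenservicedir" { print $2 }' "$1"
}

# List anything under DIR that group or other can read, write or enter.
too_open() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Audit every onion-service directory named in TORRC against OWNER.
# Prints one finding per line; returns 0 only when there are none.
audit_torrc() {
    torrc=$1 owner=$2 findings=0
    for dir in $(hs_dirs "$torrc"); do      # assumes paths without spaces
        if [ ! -d "$dir" ]; then
            echo "MISSING     $dir"; findings=$((findings + 1)); continue
        fi
        for path in $(too_open "$dir"); do
            echo "TOO-OPEN    $path"; findings=$((findings + 1))
        done
        for path in $(find "$dir" ! -user "$owner" -print); do
            echo "WRONG-OWNER $path"; findings=$((findings + 1))
        done
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo: a throwaway torrc and service directory in a temp dir.
demo=$(mktemp -d)
mkdir "$demo/hidden_service"
echo "constructed placeholder, not a real key" > "$demo/hidden_service/private_key"
printf 'HiddenServiceDir %s/hidden_service/\nHiddenServicePort 8022 127.0.0.1:22\n' \
    "$demo" > "$demo/torrc"

chmod -R 777 "$demo/hidden_service"        # world-accessible: must be flagged
audit_torrc "$demo/torrc" "$(id -un)" || echo "=> audit failed"

chmod -R u=rwX,go= "$demo/hidden_service"  # owner-only
audit_torrc "$demo/torrc" "$(id -un)" && echo "=> audit clean"
rm -rf "$demo"
```

On the Pi from this post, the equivalent call as root would be `audit_torrc /etc/tor/torrc debian-tor`.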
Finally, we have set up the service. It might not connect on the first try, as it can take a few tries before the newly generated onion address resolves. We can now try connecting from any device that has the tor service enabled.
    torify ssh -p 8022 pi@hi2vqr2we6jsvwn6.onion
Warning: don't leave the default password set on the devices.
You get the torify app when you install tor on your Linux/Mac. On Windows you can install Torifier and PuTTY to access it via SSH.
Now I can finally access my home devices, with ports opened as a service, and control everything. This can be used in more complex ways and for good things such as private remote access. Make sure you set complex passwords and run the latest software with no vulnerabilities on this network.