Remote Access to Pi and Rules

Hello!

I have a friend who would like to automate her home similar to some of the automation I have in my house.

I have OH2.4 running on a RPi3 and use a Samba share folder and Visual Studio to edit my items and rules from my Windows 10 PC. I use PuTTY to access the Pi if I need to run updates.

I have the software installed on her Pi and won’t have an issue getting everything configured while I’m at her house, but I wanted to know the best way for me to access her setup to run updates or add rules for her automation. (She lives about an hour away, so I’d rather run things from my house.)

Is it possible to set up access to her folders even though we are not on the same network? If I open a port and have the fixed IP, I should be able to access her Pi using PuTTY, but I wanted to be able to code/update rules.

I’m a total NOOB when it comes to networking and hardware, so thank you in advance for your patience!

Whatever you do, the access needs to be secure and encrypted, especially if travelling across the Internet.

I suggest VPN.

2 Likes
1 Like

remote.it also works:
https://docs.remote.it/platforms/quick-start-on-raspberry-pi/setup-your-raspberry-pi

  1. You can open the SSH port on the remote router and use myopenHAB to access all the configurations. For example, you can open port 22 towards the openHAB private IP (e.g. 192.168.1.200). Then you can connect with PuTTY to the public IP on port 22 to reach the Raspberry.
  2. You can set up a VPN. For example, use OpenVPN.

The two options are for different purposes. With a VPN you have access to the whole remote private network.

I would very strongly advise NOT opening port 22 of the router to the internet, it’s the first place someone might try a brute force attack.

However…

You can map port 22 of the openHAB2 machine to a random external port.
I tend to go for something like 74733, then also look into a higher level of security than just a user name and password for SSH access.

Disable root access directly over SSH.

Instead, set up a new user that ONLY has read access over SSH.

Once connected, you can elevate to another user, with a new password etc.

Also look into port tunnelling within PuTTY, so that you can use your own web browser to access the UIs.

Or as you suggest, use a really good VPN.

3 Likes

I agree with MDAR. It is better to use another external port for security reasons.
e.g.
Private IP:Port 22 <---> Router internal port 22 towards LAN Raspberry’s IP <---> Router external port 22222 towards internet <---> Internet.
All the packets from the internet to the public address on port 22222 are sent to the Raspberry on port 22.
It is better to use a key instead of username/password.


You can also disable username/password access and leave only auth-key based access.

You can make SSH reply only to some IPs.

For OpenVPN you can use this guide, but you’ll find a lot of documentation by googling.

3 Likes
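
An added example, not code from any poster in this thread: a small audit of the global section of an `sshd_config` for the SSH settings suggested above (no direct root login, key-only authentication, access limited to named users from known addresses). The sample configs, the user name `remoteadmin` and the address `203.0.113.10` are constructed placeholders; `Match` blocks and `Include` files are not followed.

```python
import re

# Constructed sample: a global sshd_config section before hardening.
SAMPLE_BEFORE = "Port 22\n#PermitRootLogin prohibit-password\nPasswordAuthentication yes\n"
# Constructed sample after applying the thread's advice (placeholder user and address).
SAMPLE_AFTER = ("PermitRootLogin no\nPasswordAuthentication no\n"
                "PubkeyAuthentication yes\nAllowUsers remoteadmin@203.0.113.10\n")

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

def parse_global(text):
    """Return (settings, allow_users) for the global section of an sshd_config."""
    settings, explicit, allow = dict(DEFAULTS), set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # conditional blocks are out of scope for this check
        if key == "allowusers":
            allow.extend(value.split())  # AllowUsers lines accumulate
        elif key in DEFAULTS and key not in explicit:
            settings[key] = value.lower()  # sshd keeps the first value it sees
            explicit.add(key)
    return settings, allow

def audit(text):
    """Return a list of finding codes; an empty list means every check passed."""
    s, allow = parse_global(text)
    findings = []
    if s["permitrootlogin"] != "no":
        findings.append("root-login")  # root can still log in directly
    if s["passwordauthentication"] != "no":
        findings.append("password-auth")  # passwords remain guessable remotely
    if s["pubkeyauthentication"] != "yes":
        findings.append("pubkey-disabled")
    if not allow:
        findings.append("no-allowusers")  # any account may attempt a login
    elif any("@" not in entry for entry in allow):
        findings.append("allowusers-any-source")  # user not tied to an address
    return findings

if __name__ == "__main__":
    print("before:", audit(SAMPLE_BEFORE))
    print("after: ", audit(SAMPLE_AFTER))
```

On a real host, pass it the output of `sshd -T` rather than the raw file, so that settings pulled in through `Include` lines are taken into account.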