3

I have a Raspberry Pi computer in the field with a USB modem stick (Huawei E5372). Sim card doesn't accept incoming requests, all ports are disabled by ISP.
I already have access from my desktop using Teamviewer but I want to have my own free ssh access.
I have a no-ip domain because of dynamic IP pointing to RPi.
Is it possible accomplish that in a similar way that Teamviewer does?

EDIT 1: I would need ssh access to RPi from my desktop (Ubuntu) or from my laptop (Win 10)

dstonek
  • 153
  • 1
  • 8
  • So, this is a very confusing post. Are you asking, “How to use SSH to access a raspberry pi connected to a cellular network?” – Appleoddity Jan 14 '18 at 05:15
  • Yes, it is a prepaid sim card in celullar network with blocked incoming ports from ISP – dstonek Jan 14 '18 at 05:23
  • If all inbound ports are blocked (which is not unlikely on cellular networks, assuming you even have your own IP, ...), then you might want to use some kind of VPN? Any option I see would involve either some third-party service, or VPS rental. – SYN Jan 14 '18 at 10:36
  • I was reading about using VPN but I don't know how to implement it in my case. There are free services like https://freevpn.me/accounts/ – dstonek Jan 14 '18 at 13:50

1 Answers1

6

If you're not sure all ports are blocked, the first thing I would do is check if any ports are open, using a utility like nmap.

If all ports really are blocked, one method is to create an outbound ssh tunnel from your Raspberry Pi to another computer and use that tunnel to ssh in, using port forwarding. If you have a machine at computer.domain.com, you can create this connection by running the following command on your Raspberry Pi:

ssh -R 2222:localhost:22 computer.domain.com

Then from that computer, you can ssh into your Raspberry Pi with:

ssh -p 2222 localhost

Feel free to change 2222 to any open port.

If you're not going to have easy access to your Raspberry Pi, it would be wise to use some solution to monitoring the ssh tunnel to make sure it stays open. You can see this question for some options for that.

Chris
  • 271
  • 1
  • 8
  • nmap from desktop to present RPi IP (or no-ip domain): "All 1000 scanned ports are filtered". From your answer I deduct I need a no-ip domain for my desktop computer (also dynamic IP here). I also added a EDIT 1 to my question – dstonek Jan 14 '18 at 14:01
  • From my desktop router I first forwarded port 22 to ubuntu's IP. Then I had to connect to RPi via Teamviewer to execute ssh -R 2222:localhost:22 userU@computer.domain.com. Then close Teamviewer. From Ubuntu desktop ssh -p 2222 pi@localhost and I got ssh connection. This is a good approach but I still need use Teamviewer at least for seconds. – dstonek Jan 14 '18 at 14:48
  • I have a USB stick with Linux Mint installer. It is ready to use ssh. From my Win 10 laptop and F9 I choose to boot LM. I have its public IP to run the first command replacing computer.domain.com by this IP from the RPi but despite it is displayed as online by Teamviewer it does not "connect to partner". That's why I am trying to avoid TViewer. – dstonek Jan 14 '18 at 20:17
  • 1
    @dstonek Set up the RPi so it does the ssh connection automatically. There are a number of methods to do this: for instance put a script that checks if the ssh connection is running and starts it if it is not in your crontab. Or put a script that runs autossh into your startup files. – Chris Jan 14 '18 at 21:00
  • Is it possible to create two ssh tunnels, one for my desktop computer and the other for my laptop? – dstonek Jan 15 '18 at 00:01
  • @dstonek There's a number of methods for that. The easiest would probably be to just ssh from your laptop to the desktop like `ssh -p 2222 your-desktop-address-or-ip`. You'll need to make sure your firewall allows that connection. – Chris Jan 15 '18 at 00:19
  • I performed the two steps in your answer. At my desktop router I port forwarded 2222 to desktop local IP but connection from my laptop was refused (all three computers in different networks). So I used desktop computer as a bridge: from laptop and then as a second connection from desktop to RPi. I don't know if this is the best solution, at least it works, I only would need it for no more than an hour time to time. I'm going to mark your answer as a solution, Thanks! – dstonek Jan 15 '18 at 15:13
  • Simplifying: 1) From RPi 2) from laptop and then – dstonek Jan 15 '18 at 19:54