P2 RPi ioT Gateway - Setup SSH access to your RPi

Enable an RPi to serve as an ioT gateway for our P2 Hardware - while dedicating only 2 pins for serial communication


DRAFT: --Content is a work in progress--

Using SSH for logging into your RPi from your Desktop

When I work remotely from my RPis, I'm logging into them using the secure shell client (ssh). This is one of a suite of command-line tools which help us with remote access to our RPis. By secure shell access I mean that our communication between the two machines is encrypted.

REF: man(1) pages for SSH and related tools: The OpenSSH Manual Pages

Typical SSH/SCP use

Logging in to run commands on RPi:

ssh pi@pip2iotgw.home    # log onto RPi pip2iotgw as the pi user

Copying a file to the RPi:

scp file.txt pi@pip2iotgw.home:~/Documents  # copy your file to RPi:/home/pi/Documents/ folder

Copying the same file back to my current directory:

scp pi@pip2iotgw.home:~/Documents/file.txt .  # copy file from RPi to your current folder

NOTE: In these examples you see the use of the .home domain. This is true for my home network, but most likely your network is configured differently! Please use whatever is appropriate for your network environment.

Why I use SSH and related tools

I set up password-less ssh access to my RPis for two major reasons:

  1. From the command line on my desktop, I can log into the RPi and run commands, or copy files between the RPi and my desktop

  2. With SSH access enabled, I can work within VSCode on my Desktop but VSCode logs into the remote RPi for me and presents the files from the RPi to me as if they were on my Desktop machine. And with the terminal access built into VSCode, the commands I run in terminal are actually running on the RPi itself.

Enable password-less access

To work with SSH you will set up a public/private key pair on your Desktop (if you haven't already; most of us already have) and you will tell the RPi about your ssh key by running the ssh-copy-id(1) command:

ssh-copy-id pi@pip2iotgw.home  # then answer with RPi password and follow instructions

This will prompt for the RPi password once during the setup, but thereafter you can get in without being prompted for a password.

Potential issues with using SSH

  • SSH over WiFi can sometimes be blocked by your WiFi Access Point - it may need to be configured to allow the ssh traffic to be forwarded. (e.g., Google Home APs can be difficult to set up - if you can even find a way to do it.)

  • Sometimes your network is not fully set up for name resolution for your RPi names. In this case you can use the IP address of your RPi instead of the hostname to gain access.

  • Don't expect to be able to gain access to devices within your home from outside your home network. This is likely blocked unless you've specifically (and carefully) configured it. My firewall blocks all such access from outside my home and this is intentional! I can get to any external machine (for which I'm granted access) from within my home. This is not normally blocked.

Light-weight network security practices

  • Encrypt traffic when possible to prevent accidental exposure
  • Don't let access to a network machine expose access to other machines on your network - all machines, all accounts should require authentication for access
  • Shape any development password-less access to be from one, or a tiny few, of your more secure machines to the others. Don't allow the other machines to access each other (or back to your main development machines) without requiring passwords for access
  • Don't attach any hardware to your network that still has default passwords for any account on the machine. Any reasonably informed attacker knows about these accounts and passwords
  • Don't poke holes (allow traffic on specific ports) through your firewall unless you really know what you are doing and are doing it carefully. Test your careful work by doing penetration testing from outside to ensure you haven't created any unexpected holes in your firewall. Typical homes are attacked many times a second - the bad actors are trying to gain access via known ports/known services. If you expose these they will get in
  • Password protect access to all wireless access points (e.g., a new device trying to connect must provide a password; use the encrypted forms of authentication)
  • Have very few, one is best, external access points to your home network. Do have a firewall on every one of these external internet exposed machines which protects the rest of machines on your network
  • Remember that Wireless Access Points are also an entry point into your home network from outside your home, so make sure each one is configured to defend against unwanted external users
  • Don't post passwords to any network attached devices where they can be seen by people you aren't expecting to have access
  • Basically do what you can to reasonably reduce accidental exposure because: If someone really wants to get into your network they will likely have more resources than you and they will get in.
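
ssh-copy-id appends your public key to ~/.ssh/authorized_keys on the RPi, so that file is the list of everything allowed in without a password. The script below is an added example (not part of the original page or project) that checks such a file against the public key(s) of the machines you intend to trust; the function name, file names and key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which keys may log in to the RPi without a password.

# audit_keys TRUSTED_PUBKEYS AUTHORIZED_KEYS
# Prints "trusted|UNKNOWN keytype comment" for each entry and returns 1 if
# any entry is not one of the trusted public keys (or cannot be parsed).
audit_keys() {
    awk -v auth="$2" '
        function keyfield(   i) {   # index of the key-type field, 0 if none
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9-]+@openssh\.com)$/)
                    return i
            return 0
        }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { k = keyfield() }                       # fields before k are options
        k == 0 {
            if (FILENAME == auth) { print "UNPARSED line " FNR; bad = 1 }
            next
        }
        FILENAME != auth { trusted[$(k + 1)] = 1; next }   # remember trusted blobs
        {
            label = ""
            for (j = k + 2; j <= NF; j++) label = label (label == "" ? "" : " ") $j
            if (label == "") label = "(no comment)"
            # Match on the key blob: the comment is only a label anyone can edit.
            if ($(k + 1) in trusted) print "trusted", $k, label
            else { print "UNKNOWN", $k, label; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample data: placeholder blobs, not real keys.
tmp=$(mktemp -d)
cat > "$tmp/desktop.pub" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedDesktopKeyNotReal000000000000 me@desktop
EOF
cat > "$tmp/authorized_keys" <<'EOF'
# what ~/.ssh/authorized_keys on the RPi might hold
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedDesktopKeyNotReal000000000000 me@desktop
no-port-forwarding,command="uptime" ssh-rsa AAAAB3NzaC1yc2EConstructedOldKeyNotReal old laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedOtherKeyNotReal00000000000000
EOF
audit_keys "$tmp/desktop.pub" "$tmp/authorized_keys" || echo "review the UNKNOWN entries above"
```

To run it against a real RPi, save a copy of the RPi's ~/.ssh/authorized_keys and pass your Desktop's .pub file as the first argument.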

...


If you like my work and/or this has helped you in some way then feel free to help me out for a couple of ☕'s or 🍕 slices!

coffee    -OR-    Patreon: Patreon.com/IronSheep


Disclaimer and Legal

Raspberry Pi is a registered trademark of Raspberry Pi (Trading) Ltd.

Parallax, Propeller Spin, and the Parallax and Propeller Hat logos are trademarks of Parallax Inc., dba Parallax Semiconductor

This project is a community project not for commercial use.

This project is in no way affiliated with, authorized, maintained, sponsored or endorsed by Raspberry Pi (Trading) Ltd. or any of its affiliates or subsidiaries.

Likewise, this project is in no way affiliated with, authorized, maintained, sponsored or endorsed by Parallax Inc., dba Parallax Semiconductor or any of its affiliates or subsidiaries.


License

Licensed under the MIT License.

Follow these links for more information: