Raspberry Pi SSH Access via VPS - Installation Guide

Overview

This setup creates a reverse SSH tunnel from your Raspberry Pi to your VPS, allowing you to SSH into your Pi from anywhere through the VPS.

Architecture

[Your Computer] → [VPS:22] → [Tunnel:2222] → [Raspberry Pi:22]

Step-by-Step Installation

Step 1: VPS Setup

1. SSH into your VPS:

   ssh root@YOUR_VPS_IP
   

2. Create tunnel user:

   sudo useradd -m -s /bin/bash rpi-tunnel
   sudo -u rpi-tunnel mkdir -p /home/rpi-tunnel/.ssh
   sudo -u rpi-tunnel chmod 700 /home/rpi-tunnel/.ssh
   sudo -u rpi-tunnel touch /home/rpi-tunnel/.ssh/authorized_keys
   sudo -u rpi-tunnel chmod 600 /home/rpi-tunnel/.ssh/authorized_keys
   

3. Configure SSH daemon:

   sudo nano /etc/ssh/sshd_config
   

   Add at the end:

   Match User rpi-tunnel
       AllowTcpForwarding yes
       PermitOpen localhost:2222
       GatewayPorts no
   

4. Restart SSH:

   sudo systemctl restart sshd
   

Step 2: Raspberry Pi Setup

1. SSH into your Raspberry Pi:

   ssh pi@RASPBERRY_PI_IP
   

2. Generate SSH key (if not exists):

   ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""
   

3. Display public key:

   cat ~/.ssh/id_rsa.pub
   

4. Copy this key to VPS (from RPi):

   ssh-copy-id -i ~/.ssh/id_rsa.pub rpi-tunnel@YOUR_VPS_IP
   

   Or manually: Copy the output and add it to /home/rpi-tunnel/.ssh/authorized_keys on VPS

5. Test connection:

   ssh rpi-tunnel@YOUR_VPS_IP
   

   (Should connect without password, then exit)

6. Create tunnel script:

   nano ~/rpi-tunnel.sh
   

   Paste:

   #!/bin/bash
   VPS_IP="YOUR_VPS_IP"
   VPS_USER="rpi-tunnel"
   REMOTE_PORT=2222
   LOCAL_PORT=22
   
   while true; do
       ssh -N -R ${REMOTE_PORT}:localhost:${LOCAL_PORT} \
           -o ServerAliveInterval=30 \
           -o ServerAliveCountMax=3 \
           -o ExitOnForwardFailure=yes \
           ${VPS_USER}@${VPS_IP}
       
       echo "Tunnel disconnected. Reconnecting in 10 seconds..."
       sleep 10
   done
   

   Make executable:

   chmod +x ~/rpi-tunnel.sh
   

7. Test the tunnel:

   ./rpi-tunnel.sh
   

   (Leave it running, open new SSH session to continue)

Step 3: Make Tunnel Persistent (Auto-start)

1. Create systemd service:

   sudo nano /etc/systemd/system/rpi-tunnel.service
   

   Paste (replace pi with your username):

   [Unit]
   Description=Raspberry Pi Reverse SSH Tunnel
   After=network-online.target
   Wants=network-online.target
   
   [Service]
   Type=simple
   User=pi
   ExecStart=/home/pi/rpi-tunnel.sh
   Restart=always
   RestartSec=10
   
   [Install]
   WantedBy=multi-user.target
   

2. Enable and start service:

   sudo systemctl daemon-reload
   sudo systemctl enable rpi-tunnel
   sudo systemctl start rpi-tunnel
   

3. Check status:

   sudo systemctl status rpi-tunnel
   

Step 4: Connect to Raspberry Pi

1. From anywhere, SSH to your VPS:

   ssh root@YOUR_VPS_IP
   

2. Then connect to RPi through tunnel:

   ssh -p 2222 pi@localhost
   

3. Optional: Create shortcut script on VPS:

   echo 'ssh -p 2222 pi@localhost' > ~/connect-rpi.sh
   chmod +x ~/connect-rpi.sh
   

Troubleshooting

Check if tunnel is active on VPS:

sudo netstat -tlnp | grep 2222

View Raspberry Pi tunnel logs:

sudo journalctl -u rpi-tunnel -f

Manual tunnel test from RPi:

ssh -N -R 2222:localhost:22 rpi-tunnel@YOUR_VPS_IP

Reset everything:

On VPS:

sudo pkill -u rpi-tunnel

On RPi:

sudo systemctl stop rpi-tunnel

Security Notes

• Only localhost connections to port 2222 are allowed on VPS
• The tunnel user has minimal privileges
• SSH keys are used instead of passwords
• Tunnel auto-reconnects if dropped

One-Line Direct Connection (Advanced)

From your computer, connect directly:

ssh -J root@YOUR_VPS_IP -p 2222 pi@localhost

This uses SSH jump host to connect through VPS in one command.