I have few applications running round the clock on the Pi. Whenever I got out of my house, it became very difficult to check on the Pi's health and status. I subsequently overcame the minor hurdle using ngrok. Accessing the device from outside gives rise to questions of security which I dealt with by enabling the 2FA (2 factor authentication) or 2 step authentication. So here are the steps below for you to access your Pi from outside with an added layer of security.Video Guides:
Setup two factor authenticationWritten guideStep-1 Prep ngrok
- Open a terminal on your Pi and run the following commands one after the another to download and prep the ngrok application
sudo unzip ngrok-stable-linux-arm.zip
- Now you should have a folder labeled ngrok on the /home/pi/ directory. Optionally, you can remove the original downloaded zip file to save some space
sudo rm /home/pi/ngrok-stable-linux-arm.zip
- Now get the additional files to help you setup ngrok as a service
Step-2 Setup ngrok
git clone https://github.com/shivasiddharth/ngrok-service
- Head over to ngrok's website and sign in. If you don't have an account, signup for one.
- On your ngrok dashboard and under the authentication tab, you should find your Authtoken like how its shown below.
- On a terminal on your Raspberry Pi, run the following to setup your authtoken.
/home/pi/ngrok authtoken "YOUR AUTHTOKEN COPIED FROM ngrok DASHBOARD"
- You should get an acknowledgement like shown below.
- Copy the tunnels from the sample ngrok configuration file (ngrok-sample.yml) in the /home/pi/ngrok-service/ folder.
- Open the default configuration file using:
sudo nano /home/pi/.ngrok2/ngrok.yml
- Paste the tunnels that you just copied from the sample. Feel free to remove the other tunnels that you may not need other than the SSH.
- Now verify if the tunneling is working by starting the ngrok application using
Step-3 Setup ngrok as service
/home/pi/ngrok start -all
- Run the commands one after the another to setup ngrok as service
sudo chmod +x /home/pi/ngrok-service/scripts/service-installer.sh
sudo systemctl enable ngrok.service
sudo systemctl start ngrok.service
- Temporarily stop ngrok service untill the two factor authentication setup is completed.
Step-4 Setup two factor authentication
sudo systemctl stop ngrok.service
- Enable SSH if not already done using:
sudo systemctl enable ssh
sudo systemctl enable ssh
sudo systemctl stop ssh
- Enable two factor challenge. Open ssh config using:
sudo nano /etc/ssh/sshd_config
- Change ChallengeResponseAuthentication from the default no to yes.
- Save the config file and exit.
- Install google pluggable google authentication module
sudo apt install libpam-google-authenticator
- Run the following to start authenticator module
- Download Google Authenticator app on your mobile and link the PAM module by scanning the QR code on screen.
- Configure PAM to add the two factor authentication.
sudo nano /etc/pam.d/sshd
- Add the following line to the beginning
auth required pam_google_authenticator.so
This can be added below or above @include common-authStep-6 Restart ssh and ngrok
- Thats a wrap restart the services
sudo systemctl restart ssh
sudo systemctl restart ngrok.service