===== SSH tunneling =====

==== The problem ====

I have several Raspberry Pi (RPi) in my home, I have 1 MB connection with MiFi modem. I can ask to my operator to get an public IP address or get open ports, I spent a lot of time out of my home, but I want get access to all my RPi.

I checked that some partners of work and friends uses a lot of third party services to get access their RPi, lot of lammers! I don't want depend of third party services and get off my privacy.

I read about SSH tunneling, I have time to play and this is my result.

I little diagram about my scenario:

{{:rpitunneling.png?600|}}

==== My solution ====
I have one VPS for my personal stuff. I have hosted this web page and Nextcloud, some monitoring tools and other stuff, please don't hack me.

I can make a SSH tunneling from my RPi to my VPS so I can enter to my VPS from any place in the world and get access to my RPi.

Follow this steps to start a test, enter to your RPi and create the tunneling, for example:
<code>
ssh -R 2210:localhost:22 youruser@estebanmonge.tk -p 22
</code>

You need change the parameters to fit with your scenario. Now you can enter to your VPS and enter the next command:

<code>
ssh -p 2210 youruser@localhost
</code>

And you get access to your RPi.

The problem is if you closes the terminal, you will finish the SSH session, you need execute the next command to put in background the SSH tunneling:
<code>
ssh -N -f -R 2210:localhost:22 youruser@estebanmonge.tk -p 22
</code>

You still having problems, the server will ask the password, you need generate ssh keys to stop asking passwords, please follow this steps in RPi as "youruser". Answer the questions, generally is default option but please doesn't configure a password.

<code>
ssh-keygen
ssh-copy-id -p 22 estebanmonge.tk
</code>

You can how verify that you can make a SSH without enter password. Now you can make the SSH tunneling without password.

==== Troubleshooting ====
If the connection fails and when you make a new connection you received this message: "Warning: remote port forwarding failed for listen port", you need kill the process in the VPS server, follow this steps:
<code>
$ netstat -nlp | grep :2210
</code>

Check the process ID and kill it:
<code>
$ kill $PID
</code>

You can avoid that the SSH session still running in VPS if fails in RPi adding in the file /etc/ssh/ssh_config of your RPi and VPS the next line:
<code>
ExitOnForwardFailure yes
</code>
==== References ====
   * https://unix.stackexchange.com/questions/106561/finding-the-pid-of-the-process-using-a-specific-port
   * https://superuser.com/questions/352268/can-i-make-ssh-fail-when-a-port-forwarding-fails
   * https://serverfault.com/questions/595323/ssh-remote-port-forwarding-failed
   * https://toic.org/blog/2008/ssh-basics/
   * https://toic.org/blog/2009/reverse-ssh-port-forwarding/

==== Credits ====
   * Icons made by http://www.freepik.com, Gregor Cresnar and Madebyoliver  from http://www.flaticon.com is licensed by Creative Commons BY 3.0
   * Raspberry Pi is a trademark of the Raspberry Pi Foundation