Remotly Secure Internet Access using Raspberry Pi and proxy


The last challenge was to find a way for a friend to access his static IP, securly, from anywhere. Well, we did it with Raspberry Pi. Why? The main reason was that it was the cheapest way to do that. It's not only the cost to buy the equipment but also the cost of have the machine on, 24/7. So the Raspberry Pi and the router are plugged on UPS. Since everything was set, now start the fun part!!!

1. Install Raspbian and update it.
- Find the SD card:

or better


eg it's /dev/sdb1.
- Unmount the SD

- Copy the image to your SD (don't forget to add sudo before):

You're all set. Don't forget the user-pass:

You should proceed with update (you can login using ssh with the command ssh root@RASPBERRY's IP):


2. Next step, set static IP (as described here):
- Edit the file /etc/network/interfaces

- Find the line and change it:

Use IP 192.168.1.250, near the end of the DHCP IPs that the router provide you.
To save, press Ctrl+X key on keyboard and then ‘Y’ Enter to exit the text editor.

3. Change the ssh port on Raspberry Pi (as described here):
- Open nano editor:

- Find the text:

and change it to whatever you like. Eg 8080
To save, press Ctrl+X key on keyboard and then ‘Y’ Enter to exit the text editor.
- Restart ssh


4. You'll need to open your router's ssh port (step 3) and forward it to your Raspi's IP address on your LAN (step 2). It depends on your router. Usually there's NAT, or Virtual server or Port forward.

5. Change raspberry pi default password.
Open terminal under the user you want to change the password. Don't forget there are 2 users (pi and root).
Use the command passwd and you'll be prompted for the current password first and then the new password. You will see the following result if you successfully change the password.

6. Now you have to use the computer you'll carry with you that you'll login remotly (your netbook):
- Open the editor:

you have to add the following:


Also under section Host *, you'll find:


Uncomment the first and change it to no. This won't ask you for root password everytime you connect. You'll see later that there's an SSH passphrase for that reason. Also uncomment the port you want to listen.
Type ctrl-X and say yes to the prompt to overwrite the current copy of ssh_config.

7. Create ssh keys (as described here or here):
- Use the command on your laptop:

This will prompt you for a secret passphrase. If this is your primary identity key, make sure to use a good passphrase. If this works right you will get two files called id_dsa and id_dsa.pub in your .ssh dir.
- Copy the id_dsa.pub file to the Pi's .ssh dir with the name authorized_keys2.

- Now Pi is ready to accept your ssh key. How to tell it which keys to use? The ssh-add command will do it.

This will start the ssh-agent, add your default identity (prompting you for your passphrase), and spawn a bash shell.

8. You can either add a proxy on your firefox or just use the add-on named Autoproxy (add it directly from here).
Use

Now you can change the proxy you want to use from the add-on.

9. Whenever you want to connect from outside (from your netbook), open the terminal first and use the command:

It'll adk you for a passphrase. After you pass this step, minimize terminal and open Firefox. Then change the proxy from the Autoproxy add-on.
Now you're all set.

10. If you want to get rid of the GUI (since you will use only terminal), follow the steps (as described here):


Also if you want to set the memory usage so that there is only bare minimum used for the graphics, you need to copy the required memory split file to start.elf, eg. arm240_start.elf would give you 240MB RAM with 16MB for the GPU.

Resources:
1. How to use a Raspberry Pi as a secure Web gateway from anywhere

Δεν υπάρχουν σχόλια

Από το Blogger.