4

I'm working on a personal project that involves a BeagleBone Blue. I want to access it remotely from anywhere. I'm not sure what the best way to do this is. I know I could just forward a corresponding port (unsafe) or something along those lines but I want to avoid too many security flaws. The board controls a camera which I plan on displaying in a UI that also allows me to move the camera around. There are so many companies that have devices that can be controlled from anywhere... so how do I?

sabo
  • What's your definition of "access it remotely"? If SSH, then it's quite simple. Just forward the port (use something other than port 22 on public interface to ignore 99.99% of automated attacks), make sure your SSH server is up to date at all times, and configure it to permit login only by keypair (not password). Your personal project couldn't be more secure. All the other solutions will be much, much more complicated. – Tarmo Jun 22 '21 at 06:21
  • I'll be creating a web UI that is hosted on the beaglebone as well. I'll just have the scripts start when the board starts but the web UI is what I'll need access to remotely since it will be what calls my flask api which will handle controlling the board. – sabo Jun 22 '21 at 13:46
  • Sure, but you can easily tunnel the Web UI over the SSH connection. Just tell the SSH client to forward local port 80 to remote port 80 (usually by command-line option `-L 80:localhost:80` or the equivalent in SSH GUI clients) and you'll have access to your UI running on BB on address http://localhost:80. I'd still vote this as the most practical home-built remote access solution. – Tarmo Jun 24 '21 at 16:18

3 Answers

2

There are a lot of solutions for this question. I will mention a few.

In general your device should either:

Have a public IP (if your infra allows it and your ISP provides this service), and then you can access it directly.

Connect to an online server using some service:

  1. Using VPN. Connecting your device to an OpenVPN server (I think this is the most popular solution). WireGuard is also quite popular.
  2. Using consul or etcd or similar service for its service discovery feature
  3. Using a cloud provider (AWS, Azure, GCP etc.) IoT service products
ofirule
  • By a public IP I assume you mean a static IP provided via my ISP right? – sabo Jun 22 '21 at 00:28
  • Unfortunately, my ISP does not allow residential customers to have static IPs. – sabo Jun 22 '21 at 13:44
  • This is the worst solution in my opinion. It's ISP dependent, and it has a lot of security considerations. Also all the other solutions (unless some special config is applied) will work anywhere as long as your device has an internet connection – ofirule Jun 22 '21 at 13:54
  • So if I use something like openVPN it will be as easy as keeping it connected to the vpn and I'll be able to access it from anywhere? That may be the route to go since openVPN looks to be free for 2 connections. – sabo Jun 22 '21 at 18:59
  • OpenVPN is free for any number of connections. I would suggest to install openVPN server on some instance and connect both your PC and the beaglebone device to the server. That way they will be able to communicate via the VPN net. Note that it's not easy and will require some work and configuration – ofirule Jun 22 '21 at 20:47
  • Is there a solution you think would be easier than going the VPN route? I'll be hopefully testing this out this weekend. – sabo Jun 24 '21 at 04:13
1

So let me post my comments as a coherent answer. Assuming you have a dynamic IP but otherwise unrestricted access to it from public Internet:

  1. Make sure your router always gives the BB the same address in LAN
  2. Install your Web UI and other stuff on BB
  3. Configure SSH server on BB to accept only key-based authentication, no passwords (`PasswordAuthentication no` in `/etc/ssh/sshd_config`).
  4. Generate a keypair on your PC and give your public key to the BB (in `/home/<youruser>/.ssh/authorized_keys`). Ensure key-based SSH logins work in local network before proceeding.
  5. Subscribe to a dynamic DNS service with a Linux client that runs on ARM. Install the client on BB.
    I use No-IP, where the client comes as source code and probably compiles on BB (haven't tested). It's a bit annoying as you have to re-activate your free subscription once a month, maybe there are better services.
  6. In your router forward a random external port (8822, 62222, pick a mnemonic) to the BB's IP and port 22.
  7. Remotely SSH into the BB using your dynamic DNS and external port (e.g. myhome.no-ip.org:62222). While testing in your LAN, note some routers support a "hairpin" connection to the public IP from inside the LAN, some don't.
    Don't forget to configure your SSH client to activate local port 80 forwarding in the client (`-L 80:localhost:80` in command line, similar in PuTTY GUI)
  8. While the SSH link is up, you can access the Web UI running in BB from your local PC on address http://localhost:80 (securely tunneled through the SSH connection).
Tarmo
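
An added example, not part of Tarmo's answer: a shell check that the setting from step 3 is the one sshd will actually use, since a `PasswordAuthentication no` appended to the file is ignored when an earlier line already set it. It goes a little beyond the answer by also checking `KbdInteractiveAuthentication` and `PubkeyAuthentication`; the function names and sample files are constructed for illustration, and `Include` files and `Match` blocks are not evaluated.

```shell
#!/bin/sh
# Added example: does this sshd_config really give key-only login?

# effective_value FILE KEYWORD_REGEX DEFAULT
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive and "Keyword=value" is accepted. This sketch reads the
# global section only: it stops at the first Match and ignores Include.
effective_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/[ \t]*=[ \t]*/, " ") }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) ~ ("^(" key ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: prints findings, returns 0 only for key-only login.
audit_sshd() {
    rc=0
    pw=$(effective_value "$1" 'passwordauthentication' yes)
    kbd=$(effective_value "$1" \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    pk=$(effective_value "$1" 'pubkeyauthentication' yes)
    [ "$pw" = no ] || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$kbd" = no ] || { echo "FAIL KbdInteractiveAuthentication=$kbd"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK key-only login"
    return "$rc"
}

# Constructed sample configs, not taken from a real host.
write_samples() {
    # An earlier "yes" beats the "no" appended at the end of the file.
    printf '%s\n' '# constructed' 'PasswordAuthentication yes' \
        'PasswordAuthentication no' > "$1/weak.conf"
    printf '%s\n' 'passwordauthentication=no' \
        'KbdInteractiveAuthentication no' > "$1/hard.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in weak hard; do
    echo "== $f.conf"
    audit_sshd "$tmp/$f.conf" || true
done
```

On the board itself, running `sshd -T` as root prints the configuration sshd computed from all files, and is the authoritative check before the port is forwarded in step 6.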
0

You could use something like Remote.it to connect to your BeagleBone. There is a guide for Raspberry Pis that can probably be adapted for the BeagleBone.

Guide: https://support.remote.it/hc/en-us/articles/360047542051-Installing-remoteit-on-a-Raspberry-Pi-running-Raspbian-or-Raspberry-Pi-OS

Additionally, if you know Python, you could use Adafruit.io as a basic control unit. I set it up once to execute commands that I posted, and it gave me the result a few seconds later. Good luck!

Bill Smith