The terminal is a basic tool when working with Raspberry Pi, but accessing a Raspberry Pi from outside the local LAN requires port forwarding. This is a simple way to get a terminal in a web browser from anywhere!

Our goal is to be able to access the Raspberry Pi terminal from anywhere.

Installing Node.js

Unfortunately the version of Node.js shipped with the latest binary is pretty old. To download and install the latest version of Node please do the following:

ssh pi@myip curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - sudo apt-get install nodejs node --version pi@raspberrypi:~ $ node --version v6.9.2

Once you get the latest Node, you will need to use npm to install beame-insta-ssl

Installing beame-insta-ssl and getting a cert

pi@raspberrypi:~ $ npm install -g beame-insta-ssl

Then open a web browser and go to: https://ypxf72akb6onjvrq.ohkv8odznwh5jpwm.v1.p.beameio.net/insta-ssl

Pass the Captcha and prove you are not a bot, and you will get a token in your email. If you have already done this previously, go and get yourself a second set of credentials just for terminal. This is the simplest way to do it.

pi@raspberrypi:~ $ beame-insta-ssl create 'token from email'

Wetty

The next step is to install wetty We will install it with the -g option to use it as a command. Check out wetty here.

Terminal over HTTP and HTTPS. Wetty is an alternative to ajaxterm/anyterm but much better because Wetty uses ChromeOS' terminal emulator (hterm) which is a full-fledged implementation of terminal emulation written entirely in Javascript. Also it uses websockets instead of Ajax and hence has better response time.

pi@raspberrypi:~ sudo npm install wetty -g

Wetty can be run as HTTP or as HTTPS. We can do either option to run it as HTTP:

pi@raspberrypi:~ wetty -p 8556 http on port 8556 pi@raspberrypi:~ $ beame-insta-ssl tunnel 8556 http Starting tunnel https://cgqjqvahrdurqwhi.v1.p.beameio.net -> http://localhost:8556

Then open Chrome anywhere to https://cgqjqvahrdurqwhi.v1.p.beameio.net

Word of caution

The processes will die together after you logout from SSH; in the next tutorial we will set this up as a system service.

Security Issue

Right now this is configured with a password-based authorization. This is a weak spot compared to normal SSH authorization. I think there is a way to make it work like it should with a client browser cert, as ID_RSA but it will take a bit more time.

Check out our Github page for more!