Access your Raspberry Pi without a public IP

Or just use <a href="https:&#x2F;&#x2F;www.raspberrypi.com&#x2F;software&#x2F;connect&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.raspberrypi.com&#x2F;software&#x2F;connect&#x2F;</a>

&gt; However, all of these methods usually require port forwarding, which can pose security risks.<p>Except that pinggy appears to be an ngrok clone which is basically equivalent to port forwarding in terms of security<p>If you don&#x27;t want to expose the port for security reasons you are better off using tailscale&#x2F;zerotier&#x2F;wireguard

Here is a much better technique which only relies on SSH <a href="https:&#x2F;&#x2F;www.jeffgeerling.com&#x2F;blog&#x2F;2022&#x2F;ssh-and-http-raspberry-pi-behind-cg-nat" rel="nofollow">https:&#x2F;&#x2F;www.jeffgeerling.com&#x2F;blog&#x2F;2022&#x2F;ssh-and-http-raspberr...</a>

&gt; In this blog, we’ll discuss how to securely connect to your Raspberry Pi or IoT device remotely from anywhere over the internet without port forwarding<p>Port forwarding over ssh is still... port forwarding.<p>This is neat and can be quite useful, but it&#x27;s still port forwarding. There&#x27;s nothing wrong with that - it&#x27;s not like people will easily guess the hostname and port number and will start brute forcing ssh using this.<p>But neither VNC nor RDP should ever, for any reason, be connected directly to the Internet, even if using a random port number. Use ssh with -L to connect to VNC or RDP over ssh.

How&#x2F;why would I trust &quot;xrdp&quot; and&#x2F;or pinggy.io? It sounds like I&#x27;m allowing them unfettered access into my home network.

I&#x27;ve done tunneling&#x2F;port forwarding&#x2F;ANT config for years. I know how to get them work.<p>But fundamentally, I still don&#x27;t understand why such issue exists.<p>Like, my (behind NAT, no public IP, whatever) device can visit any website or web services fine without any extra configuration. And obviously the servers of these services can reach me to send the content I need.<p>But then suddenly, if I want to reach my device from outside, I need all these extra stuff. What&#x27;s the difference?<p>(I understand this is a very, very dumb question. Forgive my ignorance!)

i would consider this bad advice.<p>The ssh process that does the port forwarding is not reliably running in the background. Opening ports like ssh or xrdp to the public internet is not good security practice. OP says it&#x27;s not port forwarding, but it&#x27;s still port forwarding.<p>This seems like a simple service to make a quick buck.<p>What you should really look into is setting up a VPN like wireguard.

tailscale&#x2F;wireguard

These are certainly good ways to go about it, but <a href="https:&#x2F;&#x2F;www.raspberrypi.com&#x2F;software&#x2F;connect&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.raspberrypi.com&#x2F;software&#x2F;connect&#x2F;</a> does exist and is completely free and pretty easy to use

If you do this or similar, choose very good passwords because it is certain to be probed.<p>Also consider using the whitelist option.

How is it different from tmate that allows to use ssh keys for auth?

AT&amp;T Archives on YouTube.<p><a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;playlist?list=PLDB8B8220DEE96FD9" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;playlist?list=PLDB8B8220DEE96FD9</a>