Select Page

You may have read my post on setting up the Raspberry Pi to access the desktop remotely.  I got most of that accomplished with a bit of determination and some help from the good people of Reddit /RaspberryPi.   Once I’d sent reddit my post, u/newdles and u/wittless both made some really good suggestions about using an SSH Tunnel to route traffic from the browser on my current computer to the Rasberry Pi. This eliminates the need for any remote desktop software like VNC which is inherently insecure because the data it sends isn’t encrypted.

SSH (Secure SHell) is a much better option than my original plan for a few reasons.  First as the name implies, it’s relatively secure.  The web traffic is encrypted while it’s travelling back and forth between my laptop and the Raspberry Pi.  For the time being, short of the NSA, most people won’t have access to the traffic stream.

Second, it’s far faster than VNC.  Because VNC has to send graphics data between two computers it tends to be pretty slow and finicky when you’re trying to move about the desktop, open files and applications, and manipulate settings. It’s always been like this and even with significantly higher internet speeds, it hasn’t drastically improved in the 15 years I’ve used it.

I found a great walk through from Hey Stephen Wood on SSH Tunnelling on the Mac, and since I was already set up for SSH terminal access, it was really just the proxy configuration I needed.   The only thing different in my own setup was that I’d changed my default port from 22 to (something else) on the advice of u/witless on that reddit thread.

Stephen suggests using this to connect to your Pi:

$ ssh -D 8888 username@yourwebserver.com -vv

But when the default port has been changed, this is actually what you’ll need to do.

$ ssh -D 8888 -p [YourNewPortNumber] username@yourwebserver.com -vv

I got a bit confused by his 8888, and tried to jam my port number in there unsuccessfully.  The -D 8888 specifies a port on the local computer where that tunnel can transit through. Obviously my non-default port needed to be specified separately. :)