Sending and receiving packets over the internet securely - android

I'm new to any sort of programming for networks, and would like a little advice before I start.
I would like to run a server (Raspberry Pi) at home, which I would like to be able to contact to run particular programs/scripts and to trigger other events on my home network (WoL, home automation stuff, etc.).
I would like to be able to contact it independently of the platform - i.e. from Android & Windows primarily, iOS and Linux perhaps.
I would like to have some sort of security, in that I don't want anyone else to be able to contact my RPi and operate it.
Is there some sort of standard interface that is used for this sort of thing? I was thinking of running Apache, but thought I'd check there aren't more targeted solutions available first.
Cheers

Secure Socket Shell (ssh) would be my suggestion. It's already installed under RPi AFAIK, but you probably want to generate a public/private keypair and only permit login to your server using the keypair (i.e. disable password authentication). Also restrict the allowed users to you alone. Don't do this as root; instead create some setuid scripts to perform any admin-only tasks within the server and restrict the access control on those scripts.
One more tip to avoid constant crack attempts: move the port from 22 to 422 (which could be done using the NAT config of your internet router).
You could probably use libssh, however for some client platforms you might be able to get away with a shell script implementation.
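A way to check that a Pi's sshd_config actually enforces what this answer recommends (key-only login, no root, a single permitted user). This is an added example, not part of the original answer; the account name `homeuser` and the sample configurations are constructed for illustration.

```python
# Added example: audit sshd_config text for the settings the answer recommends.
# Simplified: global section only (stops at the first Match, ignores Include).

DEFAULTS = {  # OpenSSH defaults when a keyword is absent
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

def parse(config_text):
    """Return (settings, allowed_users) from sshd_config text."""
    settings, allowed = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, value = (line.split(None, 1) + [""])[:2]
        keyword, value = keyword.lower(), value.strip()
        if keyword == "match":
            break
        if keyword == "allowusers":
            allowed += value.split()  # collect every line so no extra user is missed
        else:
            settings.setdefault(keyword, value)  # sshd keeps the first value it reads
    return settings, allowed

def audit(config_text, expected_user):
    """List deviations from: key-only login, no root, one permitted account."""
    settings, allowed = parse(config_text)
    s = {**DEFAULTS, **settings}
    findings = []
    if s["passwordauthentication"].lower() != "no":
        findings.append("password authentication enabled")
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("public-key authentication disabled")
    if s["permitrootlogin"].lower() != "no":
        findings.append("root login not disabled")
    if allowed != [expected_user]:
        findings.append("AllowUsers not restricted to " + expected_user)
    return findings

# Constructed samples. In WEAK the later "no" is ignored: the first value wins.
WEAK = "PasswordAuthentication yes\nPasswordAuthentication no\nPermitRootLogin yes\n"
HARDENED = ("PasswordAuthentication no\nPubkeyAuthentication yes\n"
            "PermitRootLogin no\nAllowUsers homeuser\n")

if __name__ == "__main__":
    print(audit(WEAK, "homeuser"))
    print(audit(HARDENED, "homeuser"))
```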

Related

Make my Android app connect to a Raspberry Pi 4 wifi using known ssid and password

I would like my Android application to automatically connect to my Raspberry Pi 4 standalone access point, knowing the SSID and password. However, from what I can find, it's not secure and hard to force connection to a Wi-Fi network without direct user consent.
Can this be accomplished? Or is there a better way, like making Wifi Direct between the phone and Raspberry device?
If so, can you guide me in the right direction?
The stand alone access point is created as so:
ssid="RPiNet"
mode=2
frequency=2437
#key_mgmt=NONE # uncomment this for an open hotspot
# delete next 3 lines if key_mgmt=NONE
key_mgmt=WPA-PSK
proto=RSN WPA
psk="password"
Not sure what you mean by wanting your app to connect to the Access Point, but if something that you can establish an SSH server or something similar on. You might have some luck with the free 3rd party library JSch (Java Secure Channel). If you're looking to tune in on specific frequencies / bands, that may require a bit more in the way of low-level radio control.
To my knowledge on that end there's probably something in the android libraries that allows you to access wifi parameters; however, you may need to provide administrative permissions and most devices typically only connect to one 802.11 device at a time, so you'd have to make sure your existing connection isn't fighting to take over.

Log all user and network activities Android

I would like to create logfiles of the activities on my Android phone.
The goal is to be able to trace back any suspicious activities of apps and check if the phone's been hacked.
In this question someone suggested using a proxy server.
But using a proxy changes the IP used and a lot of services (i.e. Netflix) block mobile traffic coming from either server IPs or home IPs when making mobile requests.
The question is already 3.5 years old so maybe the options have changed.
As for the network traffic, an option to set up a local proxy on the device itself with a possibility to set logging rules would work though.
How could you set up a local proxy on an Android device?
However this is only the first part as to find possible suspicious activities. But without logging the actual phone activities it will be difficult (or impossible) to actually find out which malicious code or app is doing this.
How can we log activities on Android?
I think logging all user activities like touch events etc. and all calls between apps would suffice.
Can this be done without rooting the device? And if not how would one do this on a rooted device?
I would prefer to have this device independent, but I use a OnePlus 6 with Oxygen OS.

Interface between Raspberry Pi and Android

I am trying to do some wacky home automation which will require me to send a signal from my Android phone to my Pi 3 in order to execute a script to control a motor using the GPIO pins.
The only part I'm stumped on is the best way to connect the Android and Pi.
I've read so many different things and it's all overwhelming, the amount of differing answers I've seen.
So far I'm leaning towards using JSch in my app to ssh into the Pi and execute the command, but I have been told this is silly.
Can anybody explain to me why this is a bad idea and explain to me a better one? Ideally the phone app would be able to connect over both local network and other networks.
Nothing is wrong with SSH, but people typically use web servers on the Pi plus HTTP requests on the Android side. Or you can run your own protocol via a raw socket connection.
SSH commands might be more secure if you use SSH keys.
Otherwise, you'd be exposing your commands to anyone snooping on your internet traffic, and random people will be controlling your devices.
Either way, if you want access both internal and external to home, you can do more research to see if you can "port forward" your router.
The advantage of using HTTP for this sort of thing is that it potentially creates its own user interface. What I mean by this is that, if the interface on the Pi is a Web server, then you have a way to provide an HTML/JavaScript interface to your Android device, and thus avoid the need to create an Android app at all -- the user just needs a browser. The whole user interface is managed from the Pi.
I've used this approach for motor control on the Pi a fair bit. On the Pi I use a C program that embeds the libmicrohttpd webserver engine. The program can serve out ordinary HTML pages to create the user interface on the browser, or respond to particular HTTP GET requests that result from the user clicking buttons or manipulating sliders or whatever. You can do some really sophisticated stuff by sending JavaScript functions that make their HTTP requests outside the normal HTTP request/response flow, so you can (for example) have a browser display that updates dynamically (e.g., display sensor values from the Pi).
Moreover, it's easy-ish to provide some kind of security using SSL and HTTP authentication. I prefer C, but there are webserver libraries for Python that work on the Pi as well.
To my way of thinking, the only time it's worth considering something more complex than this is when you need a user interface on Android that can't be implemented in HTML/JavaScript.
I'm sure there are many different ways to do what you want. I prefer to do most of the work on the Pi, because I find writing Android apps deeply unrewarding. On the other hand, if you like developing for Android and have plenty of experience doing so, the approach you suggested -- sending commands to the Pi over SSH -- could work perfectly well. It would just mean doing most of the work in Android.
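The HTTP-plus-authentication approach from this answer, sketched with Python's standard library instead of libmicrohttpd. This is an added example, not the answerer's program; the user name, password, script path and URL paths are placeholders.

```python
# Added example (not the answerer's libmicrohttpd program): HTTP Basic
# authentication in front of a fixed allowlist of actions on the Pi.
import base64
import hmac
import subprocess
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions: user name, password and script path are placeholders.
USER, PASSWORD = "homeuser", "change-me-long-random"
ACTIONS = {  # URL path -> fixed argv; no request data ever reaches a shell
    "/motor/on": ["/usr/local/bin/motor.sh", "on"],
    "/motor/off": ["/usr/local/bin/motor.sh", "off"],
}

def credentials_ok(auth_header):
    """Check an 'Authorization: Basic ...' header value in constant time."""
    if not auth_header or not auth_header.startswith("Basic "):
        return False
    try:
        supplied = base64.b64decode(auth_header[6:], validate=True)
    except ValueError:  # malformed base64
        return False
    return hmac.compare_digest(supplied, f"{USER}:{PASSWORD}".encode())

def route(path, auth_header):
    """Return (status, argv): authenticate first, then consult the allowlist."""
    if not credentials_ok(auth_header):
        return 401, None
    argv = ACTIONS.get(path)
    return (200, argv) if argv else (404, None)

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, argv = route(self.path, self.headers.get("Authorization"))
        if argv:
            try:
                subprocess.run(argv, check=True)
            except (OSError, subprocess.CalledProcessError):
                status = 500
        self.send_response(status)
        if status == 401:
            self.send_header("WWW-Authenticate", 'Basic realm="pi"')
        self.end_headers()

if __name__ == "__main__":
    # Basic credentials are only base64-encoded, so expose this through TLS
    # (for example a TLS-terminating proxy); here it binds to loopback only.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```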
Yes, SSH is a silly solution. I suggest developing a REST API web service, hosting it on your Pi and invoking it from your Android app.

How to block specific urls in Android

I am developing a parental kind of App in which there is a requirement to block specific urls from all the browsers in the Device. I think this is an old question but couldn't find any solution yet on stack.
Do you have any working solutions? Assumption - The device is rooted.
Regards,
sha
I have two resources for you:
Since the device is rooted you can work directly with iptables. iptables will give you very precise control over all coming and going data packets. Check out open source projects like AFWall+ on GitHub for iptables in action.
If you want to be able to run your app on unrooted devices look into creating a fake VPN. You don't send any data to an actual VPN server, you simply use the VPN API to filter all the information coming and going. Check out Disconnect (whenever they actually share their open source code...) or OpenVPN which is what Disconnect builds on.

How to receive incoming message over wireless LAN network and launch web browser?

I am a little stumped. I've been trying to find a way for a wireless device (i.e. Android/ios/Windows mobile devices) to receive a message from a central server and then launch the device web browser.
The Scenario: a server on a WLAN network monitors a certain system. When something on the system goes wrong, the system stops what it is doing and sends an error message to the server and waits for the user to enter a response on the server before it resumes what it was doing.
Now, I want to send a message from the server(when the system it is monitoring crashes) to the wireless devices, so the user does not have to go to the server all the time to continue the system but can just do it over the wireless device (in the web browser).
Just to clarify, I know how to send a message out from the server to everybody connected to the wireless network, I just don't know what to do with that message on the devices...
Any ideas or solutions would be HIGHLY appreciated...
Thanks in advance
You can do this a few different ways:
1) Using commercially available Push Notifications (Google & Apple for example). The advantage is your application will work outside of your wireless LAN, but the disadvantage is you're using their platform, which is restricted in its ability and functionality (having designed and built a couple of these platforms myself I can attest to their limitations - they were going for "least common denominator" when they designed and implemented theirs).
2) If your app is only going to run on a LAN (you control the network) you can put your own system together. The advantage here is there is almost nothing that cannot be done (except on iOS which has several limitations related to the topic). The disadvantage, though, is this is a lot of work.
3) Leveraging an existing platform that might have been designed for a different purpose but can easily be used with minimal changes for your own purposes, and offers a nice compromise between options #1 and #2 (this will require some additional backend/middleware servers to add to your mix). Look at XMPP and Jabber as an example.
Once you have this piece of your architecture in place - receiving pushed data - the only missing item is invoking the handset's browser (or browser type component in your own native application) in response to the received payload.
** As possible alternatives it's worth noting that most mobile platforms allow your native application to directly interact with the handset's IMs or e-mails. For example, you can write code that intercepts a specifically formatted IM, with a small payload, and use that as a "poor man's push engine." I have put together little POCs (proof of concepts) for clients using this technique on Windows Mobile, BlackBerry, and Android (not sure what's possible with iOS in this regard) as it's quick and easy.
The hard part is the pushed data (but several available options on how to handle this requirement), the easy part is invoking the browser.
