Raspberry Pi SSH over Bluetooth

This post was inspired by the write up about PITA from evilsocket where they describe a way to connect and SSH into a Raspberry Pi using Bluetooth. I decided to try to reproduce that part of the write up, ran into some issues but finally got it working. This has only been tested on a Pi Zero W so far but should work fine on other models as well.

Let’s start by installing some dependencies:

apt install pulseaudio pulseaudio-module-zeroconf alsa-utils avahi-daemon pulseaudio-module-bluetooth bluez
git clone https://github.com/bablokb/pi-btnap.git
# install btnap as a server
./pi-btnap/tools/install-btnap server

Edit the bluetooth configuration file /etc/systemd/system/bluetooth.target.wants/bluetooth.service and disable the SAP plugin by changing the ExecStart line as follows:

ExecStart=/usr/lib/bluetooth/bluetoothd --noplugin=sap

Set the name that the device will present over Bluetooth in /etc/bluetooth/main.conf:

[General]

# Defaults to 'BlueZ X.YZ', if Name is not set here and plugin 'hostname' is not loaded.
# The plugin 'hostname' is loaded by default and overrides the Name set here so
# consider modifying /etc/machine-info with variable PRETTY_HOSTNAME=<NewName> instead.
Name = <ENTER THE NAME HERE>

Note the dhcp-range configured for dnsmasq by running cat /etc/dnsmasq.conf. Edit the btnap configuration file at /etc/btnap.conf with the following:

MODE="server"
BR_DEV="br0"
# Note the BR_IP you set here as it is the device IP you'll be using
# to connect to the Pi over SSH
BR_IP="192.168.20.99/24"    # make sure in the range defined in dnsmasq.conf
BR_GW="192.168.20.1"        # make sure in the range defined in dnsmasq.conf
ADD_IF=""
REMOTE_DEV=""
DEBUG=""

Enable the following services at boot and restart them:

systemctl enable bluetooth
systemctl enable btnap
systemctl enable dnsmasq
systemctl enable hciuart

service hciuart restart
service bluetooth restart
service dnsmasq restart
service btnap restart

Before you can connect to the Raspberry Pi via Bluetooth, the device that will be used must be paired and trusted. To do this, enable Bluetooth on your device and ensure it is visible to devices around it. Start bluetoothctl, turn scanning on, then find your device in the list of devices. Copy its MAC address, then pair and trust it. The steps are demonstrated below:

bluetoothctl
> agent on
> scan on
... wait for your device to show up ...
...
... now pair with its address
> pair aa:bb:cc:dd:ee:ff
... and trust it permanently ...
> trust aa:bb:cc:dd:ee:ff
... wait ...
> quit

“Free up” the wlan0 interface to be used for other purposes by editing the file /etc/network/interfaces as follows:

auto lo
iface lo inet loopback

# enable for bluetooth access
allow-hotplug wlan0
iface wlan0 inet static

# enable for wifi access
# auto wlan0
# iface wlan0 inet dhcp
# wpa-ssid "<SSID>"
# wpa-psk "<PSK>"

Disable wpa_supplicant and reboot:

# stop wpa_supplicant from starting at boot
systemctl disable wpa_supplicant
reboot

After reboot, find the Raspberry Pi on your device’s Bluetooth list and connect to it. Open an SSH client and connect to the board on the address set above (192.168.20.99 unless a different one was set). If you’re using an Android phone, you may need to place it in airplane mode, otherwise the SSH connection does not complete (remember to turn on Bluetooth once in airplane mode).

Secure the SSH server as you normally would, for example by disabling password authentication.
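
One way to check the result of that hardening, as an added example that is not part of the original post or of pi-btnap: a small audit of the effective settings printed by `sshd -T`. The function name, the sample inputs and the choice to have SSH listen only on the BR_IP address (for example via `ListenAddress 192.168.20.99` next to `PasswordAuthentication no` in sshd_config) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audits `sshd -T` output (the effective sshd settings).
# Assumption: SSH should listen only on BR_IP from /etc/btnap.conf.

# audit_sshd BR_IP: reads `sshd -T` lines on stdin, prints one finding
# per line, returns non-zero if anything was found.
audit_sshd() {
    awk -v ip="$1" '
        $1 == "passwordauthentication" && $2 == "yes" {
            print "password authentication is enabled"; bad = 1 }
        # Older OpenSSH prints challengeresponseauthentication instead.
        ($1 == "kbdinteractiveauthentication" ||
         $1 == "challengeresponseauthentication") && $2 == "yes" && !kbd++ {
            print "keyboard-interactive authentication is enabled"; bad = 1 }
        $1 == "permitrootlogin" && $2 == "yes" {
            print "root login with a password is permitted"; bad = 1 }
        $1 == "listenaddress" {
            seen = 1
            addr = $2; sub(/:[0-9]+$/, "", addr)   # drop the :port suffix
            if (addr != ip) { print "sshd also listens on " addr; bad = 1 }
        }
        END {
            if (!seen) { print "no listenaddress line in input"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample inputs (not captured from a real Pi).
sample_default() {
    cat <<'EOF'
permitrootlogin without-password
passwordauthentication yes
kbdinteractiveauthentication no
listenaddress 0.0.0.0:22
listenaddress [::]:22
EOF
}
sample_hardened() {
    cat <<'EOF'
permitrootlogin no
passwordauthentication no
kbdinteractiveauthentication no
listenaddress 192.168.20.99:22
EOF
}

# On the Pi, as root: sshd -T | audit_sshd 192.168.20.99
sample_default  | audit_sshd 192.168.20.99 || true
sample_hardened | audit_sshd 192.168.20.99 && echo "hardened sample: clean"
```

If sshd is pinned to the bridge address, it has to start after br0 holds that address, because sshd cannot bind to an address that does not exist yet.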