Raspberry Pi SSH over Bluetooth
This post was inspired by the write-up about PITA from evilsocket, which describes a way to connect and SSH into a Raspberry Pi using Bluetooth. I decided to try to reproduce that part of the write-up, ran into some issues, but finally got it working. This has only been tested on a Pi Zero W so far but should work fine on other models as well.
Let’s start by installing some dependencies:
    apt install pulseaudio pulseaudio-module-zeroconf alsa-utils avahi-daemon pulseaudio-module-bluetooth bluez
    git clone https://github.com/bablokb/pi-btnap.git
    # install btnap as a server
    ./pi-btnap/tools/install-btnap server
Edit the bluetooth configuration file /etc/systemd/system/bluetooth.target.wants/bluetooth.service and disable the SAP plugin by changing the ExecStart line as follows:
Set the name that the device will present over Bluetooth:

    [General]

    # Defaults to 'BlueZ X.YZ', if Name is not set here and plugin 'hostname' is not loaded.
    # The plugin 'hostname' is loaded by default and overrides the Name set here so
    # consider modifying /etc/machine-info with variable PRETTY_HOSTNAME=<NewName> instead.
    Name = <ENTER THE NAME HERE>
Check the dhcp-range configured for dnsmasq by running cat /etc/dnsmasq.conf. Edit the btnap configuration file at /etc/btnap.conf with the following:
    MODE="server"
    BR_DEV="br0"
    # Note the BR_IP you set here as it is the device IP you'll be using
    # to connect to the Pi over SSH
    BR_IP="192.168.20.99/24" # make sure in the range defined in dnsmasq.conf
    BR_GW="192.168.20.1" # make sure in the range defined in dnsmasq.conf
    ADD_IF=""
    REMOTE_DEV=""
    DEBUG=""
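The comments in btnap.conf ask that BR_IP and BR_GW match the network dnsmasq serves. As an added example (not part of the original post or of pi-btnap), this script checks that the first dhcp-range pool in dnsmasq.conf and BR_GW both lie inside the BR_IP subnet; the dhcp-range line and the temporary files are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post). Sample file contents are constructed.

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_subnet IP NET_IP PREFIX: succeed if IP lies inside NET_IP/PREFIX.
in_subnet() (
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
)

# check_btnap BTNAP_CONF DNSMASQ_CONF: exit 0 if consistent, 1 on mismatch, 2 if unparsable.
check_btnap() (
    # btnap.conf is shell syntax; extract values with sed instead of sourcing a root-owned file.
    br_cidr=$(sed -n 's/^BR_IP="\([^"]*\)".*/\1/p' "$1")
    br_gw=$(sed -n 's/^BR_GW="\([^"]*\)".*/\1/p' "$1")
    # First active dhcp-range line; keep only the comma-separated fields that are IPv4 addresses.
    pool=$(sed -n '/^dhcp-range=/{s/^dhcp-range=//p;q;}' "$2" | tr ',' '\n' |
           sed -n -E '/^[0-9]+(\.[0-9]+){3}$/p')
    start=$(echo "$pool" | sed -n 1p)
    end=$(echo "$pool" | sed -n 2p)
    case $br_cidr in */*) ;; *) echo "BR_IP must be ADDRESS/PREFIX"; exit 2 ;; esac
    [ -n "$br_gw" ] && [ -n "$start" ] && [ -n "$end" ] ||
        { echo "could not read BR_GW or a dhcp-range start,end pair"; exit 2; }
    rc=0
    for addr in "$start" "$end" "$br_gw"; do
        in_subnet "$addr" "${br_cidr%/*}" "${br_cidr#*/}" ||
            { echo "$addr is outside the bridge subnet $br_cidr"; rc=1; }
    done
    exit $rc
)

# Constructed sample files; the btnap values match the ones used on this page.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'MODE="server"' 'BR_DEV="br0"' \
    'BR_IP="192.168.20.99/24" # device IP' 'BR_GW="192.168.20.1"' > "$tmp/btnap.conf"
echo 'dhcp-range=192.168.20.100,192.168.20.150,255.255.255.0,12h' > "$tmp/dnsmasq.conf"
check_btnap "$tmp/btnap.conf" "$tmp/dnsmasq.conf" && echo "OK: DHCP pool and gateway are inside the bridge subnet"
```

On the Pi, call `check_btnap /etc/btnap.conf /etc/dnsmasq.conf` before restarting the services.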
Enable the following services at boot and restart them:
    systemctl enable bluetooth
    systemctl enable btnap
    systemctl enable dnsmasq
    systemctl enable hciuart

    service hciuart restart
    service bluetooth restart
    service dnsmasq restart
    service btnap restart
Before you can connect to the Raspberry Pi via Bluetooth, the device which will be used must be paired and trusted. To do this, enable Bluetooth on your device and ensure it is visible to devices around it. Start bluetoothctl, turn scanning on, then find your device in the list of devices. Copy its MAC address, then pair and trust it. The steps are demonstrated below:
    bluetoothctl
    > agent on
    > scan on
    ... wait for your device to show up ...
    ...
    ... now pair with its address
    > pair aa:bb:cc:dd:ee:ff
    ... and trust it permanently ...
    > trust aa:bb:cc:dd:ee:ff
    ... wait ...
    > quit
“Free up” the wlan0 interface to be used for other purposes by editing the file /etc/network/interfaces as follows:
    auto lo
    iface lo inet loopback

    # enable for bluetooth access
    allow-hotplug wlan0
    iface wlan0 inet static

    # enable for wifi access
    # auto wlan0
    # iface wlan0 inet dhcp
    # wpa-ssid "<SSID>"
    # wpa-psk "<PSK>"
Disable wpa_supplicant and reboot:
    # "disable" is a systemctl action; the service wrapper only handles start/stop/restart
    systemctl disable wpa_supplicant
    reboot
After reboot, find the Raspberry Pi on your device’s Bluetooth list and connect to it. Open an SSH client and connect to the board on the address set above (192.168.20.99 unless a different one was set). If you’re using an Android phone you may need to place it in airplane mode, otherwise the SSH connection does not complete (remember to turn on Bluetooth once in airplane mode).
Secure the SSH server as you normally would, for example by disabling password authentication.