Raspberry Pi SSH over Bluetooth

This post was inspired by the write-up about PITA from evilsocket, where they describe a way to connect and SSH into a Raspberry Pi using Bluetooth. I decided to try to reproduce that part of the write-up, ran into some issues, but finally got it working. This has only been tested on a Pi Zero W so far but should work fine on other models as well.

Let’s start by installing some dependencies:

apt install pulseaudio pulseaudio-module-zeroconf alsa-utils avahi-daemon pulseaudio-module-bluetooth bluez
git clone https://github.com/bablokb/pi-btnap.git
# install btnap as a server
./pi-btnap/tools/install-btnap server

Edit the bluetooth configuration file /etc/systemd/system/bluetooth.target.wants/bluetooth.service and disable the SAP plugin by changing the ExecStart line as follows:

ExecStart=/usr/lib/bluetooth/bluetoothd --noplugin=sap

Set the name that the device will present over Bluetooth in /etc/bluetooth/main.conf:

[General]

# Defaults to 'BlueZ X.YZ', if Name is not set here and plugin 'hostname' is not loaded.
# The plugin 'hostname' is loaded by default and overrides the Name set here so
# consider modifying /etc/machine-info with variable PRETTY_HOSTNAME=<NewName> instead.
Name = <ENTER THE NAME HERE>

Note the dhcp-range configured for dnsmasq by running cat /etc/dnsmasq.conf. Edit the btnap configuration file at /etc/btnap.conf with the following:

MODE="server"
BR_DEV="br0"
# Note the BR_IP you set here as it is the device IP you'll be using
# to connect to the Pi over SSH
BR_IP="192.168.20.99/24"    # make sure this is in the range defined in dnsmasq.conf
BR_GW="192.168.20.1"        # make sure this is in the range defined in dnsmasq.conf
ADD_IF="" 
REMOTE_DEV="" 
DEBUG=""
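
A check for the constraint noted in the comments above, added here as an example and not part of pi-btnap or the original post: it confirms that BR_GW and the dnsmasq dhcp-range fall inside the BR_IP network. The function names and the sample dhcp-range line are assumptions; on the Pi, pass it the contents of /etc/btnap.conf and /etc/dnsmasq.conf.

```python
import ipaddress
import re

# Constructed sample inputs; the dhcp-range line is an assumption, not pi-btnap's shipped default.
SAMPLE_BTNAP = 'BR_DEV="br0"\nBR_IP="192.168.20.99/24"   # bridge address\nBR_GW="192.168.20.1"\n'
SAMPLE_DNSMASQ = "interface=br0\ndhcp-range=192.168.20.100,192.168.20.150,12h\n"

def parse_btnap(text):
    """Return KEY -> value for the KEY="value" lines of btnap.conf."""
    return dict(re.findall(r'^\s*([A-Z_]+)="?([^"#\s]*)', text, re.MULTILINE))

def parse_dhcp_range(text):
    """Return (start, end) of the first active dhcp-range line, or None."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line.startswith("dhcp-range="):
            continue
        addrs = []
        for field in line.split("=", 1)[1].split(","):
            try:
                addrs.append(ipaddress.ip_address(field.strip()))
            except ValueError:
                pass  # tags, interface names, lease times
        if len(addrs) >= 2:
            return addrs[0], addrs[1]
    return None

def check(btnap_text, dnsmasq_text):
    """Return a list of problems; an empty list means the files agree."""
    conf = parse_btnap(btnap_text)
    try:
        bridge = ipaddress.ip_interface(conf.get("BR_IP", ""))
        gateway = ipaddress.ip_address(conf.get("BR_GW", ""))
    except ValueError:
        return ["BR_IP or BR_GW is missing or malformed"]
    problems = []
    if gateway not in bridge.network:
        problems.append(f"BR_GW {gateway} is outside {bridge.network}")
    pool = parse_dhcp_range(dnsmasq_text)
    if pool is None:
        return problems + ["no dhcp-range with start and end address found"]
    for addr in pool:
        if addr not in bridge.network:
            problems.append(f"dhcp-range address {addr} is outside {bridge.network}")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE_BTNAP, SAMPLE_DNSMASQ) or "btnap.conf and dnsmasq.conf agree")
```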

Enable the following services at boot and restart them:

systemctl enable bluetooth
systemctl enable btnap
systemctl enable dnsmasq
systemctl enable hciuart

service hciuart restart
service bluetooth restart
service dnsmasq restart
service btnap restart

Before you can connect to the Raspberry Pi via Bluetooth, the device that will be used must be paired and trusted. To do this, enable Bluetooth on your device and ensure it is visible to devices around it. Start bluetoothctl, turn scanning on, then find your device in the list of devices. Copy its MAC address, then pair and trust it. The steps are demonstrated below:

bluetoothctl
> agent on
> scan on
... wait for your device to show up ...
...
... now pair with its address
> pair aa:bb:cc:dd:ee:ff
... and trust it permanently ...
> trust aa:bb:cc:dd:ee:ff
... wait ...
> quit

“Free up” the wlan0 interface to be used for other purposes by editing the file /etc/network/interfaces as follows:

auto lo
iface lo inet loopback

# enable for bluetooth access
allow-hotplug wlan0
iface wlan0 inet static

# enable for wifi access
# auto wlan0
# iface wlan0 inet dhcp
# wpa-ssid "<SSID>"
# wpa-psk "<PSK>"

Disable wpa_supplicant and reboot:

systemctl disable wpa_supplicant
reboot

After reboot, find the Raspberry Pi on your device’s Bluetooth list and connect to it. Open an SSH client and connect to the board on the address set above (192.168.20.99 unless a different one was set). If you’re using an Android phone you may need to place it in airplane mode, otherwise the SSH connection does not complete (remember to turn on Bluetooth once in airplane mode).

Secure the SSH server as you normally would, for example by disabling password authentication.