How to Cloak a Raspberry Pi

What is Cloaking?

To access a Raspberry Pi remotely, SSH or VNC needs to be enabled. Enabling these services opens listening ports that are reachable over the local network.

Cloaking binds these services to the localhost IP address (127.0.0.X), so the Raspberry Pi is no longer visible to port scans on the local network or through port forwarding. No one can start a connection from the outside or even see the Raspberry Pi. It is as if it is not even there.

Once cloaked, the only way to connect to the Raspberry Pi is to use



The steps to cloak your Pi are as follows:

  1. Upload the Cloaking Script 
  2. Cloak the Raspberry Pi
  3. Uncloak the Raspberry Pi

Before you begin, you will need to:

  1. Create an account at the website.
  2. Enable SSH and VNC access on your Raspberry Pi.
  3. Register the Raspberry Pi on

To register your Pi with, you can either install from the command line of the Raspberry Pi or, if you have not set up your Raspberry Pi yet, you can use our remote.itPi SD card image.

Check out the in-depth video tutorial on Cloaking, found here. This tutorial provides in-depth visual examples that can help you understand how the Cloaking technology works.


Uploading the Cloaking Scripts

In order to cloak a Raspberry Pi, you will need to upload the cloaking scripts into your account. Download the script from this link: SSH Cloaking script


Next, you need to upload the script to your account. Navigate to and sign in.

Then go to the Scripting section of the web portal and click Upload.




Choose the script that you just downloaded from our Downloads page, and make sure the file type is Executable script or program. Once the script is uploaded to your portal, you can put it on the Raspberry Pi that you wish to cloak.


Cloak the Raspberry Pi

To cloak your Pi, go to the Devices section of the web portal and find your Device. Click the box to the left of the Device to select it, then choose Actions at the top. 

You will see the Execute Script option. Click it to see all the possible scripts you can execute. Choose the cloaking script you just uploaded and hit Next, then Submit.




You can go back to the Scripting section to see the status of the script. When it says Succeeded, your Pi is Cloaked.

Here is an example of how your Pi will appear on your local network. I am demonstrating this using software called Fing.




As you can see, no open ports have been detected on my Raspberry Pi, because my VNC and SSH ports have been cloaked.
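
To confirm the same result from the Pi itself, the following added example (not part of the original article and not the vendor's cloaking script) parses `ss -tln` output and reports any SSH or VNC listener bound to a non-loopback address. Ports 22 and 5900 are assumed defaults, the function names are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: report SSH/VNC listeners that are reachable from the network.
# Assumed default ports: 22 (SSH) and 5900 (VNC); adjust PORTS if yours differ.
PORTS="22 5900"

# Reads `ss -tln` style output on stdin and prints "address port" for every
# listener on a watched port whose bind address is not loopback.
exposed_listeners() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            la = $4                                   # "Local Address:Port" column
            port = la; sub(/.*:/, "", port)           # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)       # text before the last colon
            sub(/%.*$/, "", addr)                     # drop "%lo" interface suffix
            if (!(port in watch)) next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback: cloaked
            print addr, port
        }'
}

# Returns 0 when no watched port is exposed, 1 otherwise.
is_cloaked() {
    [ -z "$(exposed_listeners)" ]
}

# Constructed sample outputs for an offline run (not captured from a real device).
SAMPLE_UNCLOAKED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      5            0.0.0.0:5900      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*'
SAMPLE_CLOAKED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:22        0.0.0.0:*
LISTEN 0      5          127.0.0.1:5900      0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*'

# On the Pi itself, check the live sockets instead: ss -tln | exposed_listeners
printf '%s\n' "$SAMPLE_UNCLOAKED" | exposed_listeners
printf '%s\n' "$SAMPLE_CLOAKED" | is_cloaked && echo "cloaked: SSH/VNC are loopback-only"
```

Empty output from `ss -tln | exposed_listeners` on the Pi corresponds to the scan result above, where no open ports are detected from the local network.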


Uncloak the Raspberry Pi

You can also uncloak the Raspberry Pi using a procedure very similar to how you cloaked it.

From the web portal, select the Raspberry Pi and go to the Actions menu. Select Execute Script and click Next. The only difference is that at this screen you select the “Uncloak service” option. Then click Finish and Submit.

Under the status columns, you will see that the SSH service has been uncloaked. This means that your Raspberry Pi is now visible again, and can be detected on your local network.

Here is what the device looks like on the local network when the services are uncloaked. Again, I'm using Fing to detect my device over my local network.




As you can see, the ports are now visible on my local network because I disabled the cloaking scripts.
