
Re: Programs for direct friend-to-friend file transfer?



On Sat, Jun 02, 2012 at 03:16:19PM +0100, Chris Davies wrote:
> Aubrey Raech <aubreyraech@gmail.com> wrote:
> > Sometimes I have the need to send files that are too large for email to
> > a friend directly [...]
> 
> > 1. Not a proper server (http, ftp)
> > 2. No usernames? (scp, rsync)
> > 3. Preferably does not require a chat protocol (XMPP, IRC's DCC)
> 
> > - From what I can find it seems like XMPP would probably be the best bet
> > for this...
> 
> But in #3 above you've just excluded XMPP. Do you want it or not?
> 
> > is there no program you can run with something like a --listen to
> > listen for a connection on one end, and then run the program with the
> > destination IP from the other? Something along those lines?
> 
> Yes. A "proper" server (http, ftp, ssh) would satisfy this requirement
> but you've excluded those with #1, #2. If your PCs can have Internet
> facing ports configured, I'd go for ssh/rsync every time.
> 
I agree with using ssh, but I'd configure it to force sftp upon login
like this:

> 1.  One (or both) of you configure your router/firewall to accept inbound
>     TCP connections from (say) port 10022 and route them to your
>     Linux-based PC on port 22. If you can't redirect port 10022 to port
>     22 then just forward port 10022 and create a firewall rule on your
>     Linux-based PC to rewrite inbound requests on 10022 to local port
>     22. (Come back here if you need help with that.)
> 
That's a good idea, in my opinion, to not expose port 22 directly.  It
reduces the effectiveness of script kiddies.

> 2.  Consider the use of DDNS services such as those provided by dyndns.org
>     to make your IP address available by name to your friend.
> 
Agreed.

> 3.  Install the openssh-server package
> 
Agreed.

> 4.  Configure /etc/ssh/sshd_config, adding an AllowGroups line such
>     as this:
> 
>     AllowGroups sshuser
> 
It's simpler to just AllowUsers user1 user2 user3.

> 5.  Put your and your friend's user accounts into the sshuser group:
> 
>     groupadd sshuser
>     usermod -a -G sshuser YOURUSERNAME
>     usermod -a -G sshuser YOURFRIENDSUSERNAME
> 
This won't be needed if you follow my advice on step 4.

> 6.  Make sure that your password, and your friend's password on your
>     machine, is sufficiently complex that others are unlikely to guess it.
> 
Always a good idea, but the risk is lessened by forcing sftp (and not
posting any sensitive data on the sftp site).

> 7.  Use rsync (over ssh) or sftp to copy the files. Remember to tell them
>     to use port 10022 (or whatever you decided in #1) instead of the
>     default port 22.
> 
Instead of using rsync, use FileZilla or another FTP client.  But first
you must add this to your sshd_config file:

# This line probably already exists; check for it.
Subsystem sftp /usr/lib/openssh/sftp-server
# You can omit the Match line if you want this to apply to all users.
Match user user1,user3
# This folder must be owned by root and writable only by root.
ChrootDirectory /srv/sftp_folder
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

-Rob
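
Added example, not part of the message above and not OpenSSH code: a Python audit of the two things the sshd_config snippet depends on, namely that the block setting ChrootDirectory also carries the three restrictions, and that the chroot path passes sshd's ownership check (every path component root-owned and not writable by group or others). The function names, the sample config and the rule that the settings must be explicit are assumptions of this example.

```python
import os
import stat
from pathlib import PurePosixPath

# Settings the message pairs with ChrootDirectory; this audit wants them explicit.
REQUIRED = {"forcecommand": "internal-sftp",
            "allowtcpforwarding": "no", "x11forwarding": "no"}

# Constructed sample: the message's Match block with AllowTcpForwarding left out.
SAMPLE = """\
Match User user1,user3
    ChrootDirectory /srv/sftp_folder
    X11Forwarding no
    ForceCommand internal-sftp
"""

def parse_blocks(text):
    """Return [(criteria, options)]; criteria is None for the global section."""
    blocks = [(None, {})]
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "match":
            blocks.append((value, {}))
        else:
            blocks[-1][1].setdefault(key, value)  # sshd uses the first value
    return blocks

def audit_config(text):
    """List required settings missing from each block that sets ChrootDirectory."""
    blocks, findings = parse_blocks(text), []
    for criteria, opts in blocks:
        if "chrootdirectory" in opts:
            effective = {**blocks[0][1], **opts}  # Match block overrides global
            for key, want in REQUIRED.items():
                if effective.get(key, "").lower().split()[:1] != [want]:
                    findings.append(f"[{criteria or 'global'}] {key} is not {want}")
    return findings

def audit_chroot_path(path, stat_fn=os.stat):
    """Flag each component of an absolute path that sshd's chroot check rejects."""
    findings, p = [], PurePosixPath(path)
    for d in [p, *p.parents]:
        st = stat_fn(str(d))  # stat_fn is injectable so this can run without root
        if st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{d}: uid={st.st_uid} mode={stat.S_IMODE(st.st_mode):o}")
    return findings
```

Run `audit_config` on the contents of /etc/ssh/sshd_config and `audit_chroot_path` on the ChrootDirectory value; an empty list from both means the checks passed.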

