Re: Programs for direct friend-to-friend file transfer?
On Sat, Jun 02, 2012 at 03:16:19PM +0100, Chris Davies wrote:
> Aubrey Raech <email@example.com> wrote:
> > Sometimes I have the need to send files that are too large for email to
> > a friend directly [...]
> > 1. Not a proper server (http, ftp)
> > 2. No usernames? (scp, rsync)
> > 3. Preferably does not require a chat protocol (XMPP, IRC's DCC)
> > From what I can find it seems like XMPP would probably be the best bet
> > for this...
> But in #3 above you've just excluded XMPP. Do you want it or not?
> > is there no program you can run with something like a --listen to
> > listen for a connection on one end, and then run the program with the
> > destination IP from the other? Something along those lines?
> Yes. A "proper" server (http, ftp, ssh) would satisfy this requirement
> but you've excluded those with #1, #2. If your PCs can have Internet
> facing ports configured, I'd go for ssh/rsync every time.
I agree with using ssh, but I'd configure it to force sftp upon login.
> 1. One (or both) of you configure your router/firewall to accept inbound
> TCP connections from (say) port 10022 and route them to your
> Linux-based PC on port 22. If you can't redirect port 10022 to port
> 22 then just forward port 10022 and create a firewall rule on your
> Linux-based PC to rewrite inbound requests on 10022 to local port
> 22. (Come back here if you need help with that.)
That's a good idea, in my opinion, to not expose port 22 directly. It
reduces the effectiveness of script kiddies.
> 2. Consider the use of DDNS services such as those provided by dyndns.org
> to make your IP address available by name to your friend.
> 3. Install the openssh-server package
> 4. Configure /etc/ssh/sshd_config, adding an AllowGroups line such
> as this:
> AllowGroups sshuser
It's simpler to just AllowUsers user1 user2 user3
> 5. Put your and your friend's user accounts into the sshuser group:
> groupadd sshuser
> usermod -a -G sshuser YOURUSERNAME
> usermod -a -G sshuser YOURFRIENDSUSERNAME
This won't be needed if you follow my advice on step 4.
> 6. Make sure that your password, and your friend's password on your
> machine, is sufficiently complex that others are unlikely to guess it.
Always a good idea, but the risk is lessened by forcing sftp (and not
posting any sensitive data on the sftp site).
> 7. Use rsync (over ssh) or sftp to copy the files. Remember to tell them
> to use port 10022 (or whatever you decided in #1) instead of the
> default port 22.
Instead of using rsync, use FileZilla or another FTP client. But first
you must add this to your sshd_config file:
    # this line probably already exists -- check for it
    Subsystem sftp /usr/lib/openssh/sftp-server
    # you can omit this Match line if you want it to apply to all users
    Match user user1,user3
        # this folder must be owned by root and writeable only by root
        ChrootDirectory /srv/sftp_folder
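
Added example, not part of the original message and not the poster's code: a small Python check for the SFTP-only setup discussed in this thread. It flags a chrooted Match block that has no `ForceCommand internal-sftp` (the sshd_config directive that forces SFTP at login) and checks the root-owned, not group/world-writable rule for every component of the chroot path. The function names and the sample config are constructed for illustration, and the chroot path is assumed to be absolute.

```python
import os

# Constructed sample: the settings from this thread, one directive per line.
SAMPLE = """\
Subsystem sftp /usr/lib/openssh/sftp-server
AllowUsers user1 user2 user3
Match User user1,user3
    ChrootDirectory /srv/sftp_folder
"""

def parse(text):
    """Split sshd_config text into global options and Match blocks."""
    glob, blocks, cur = {}, [], None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, val = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "match":
            cur = {}
            blocks.append((val, cur))
        else:
            # sshd keeps the first value it reads for a keyword
            (glob if cur is None else cur).setdefault(key, val)
    return glob, blocks

def chroot_path_problems(path, stat_fn=os.stat):
    """sshd refuses a chroot unless every path component is root-owned
    and not writable by group or others."""
    problems = []
    while True:
        st = stat_fn(path)
        if st.st_uid != 0:
            problems.append(f"{path}: not owned by root")
        if st.st_mode & 0o022:
            problems.append(f"{path}: writable by group/others")
        if path == "/":
            return problems
        path = os.path.dirname(path)

def audit(text):
    """Return findings for an SFTP-only setup as described in the thread."""
    glob, blocks = parse(text)
    findings = []
    if "allowusers" not in glob and "allowgroups" not in glob:
        findings.append("no AllowUsers/AllowGroups restriction")
    for crit, opts in blocks:
        if "chrootdirectory" not in opts:
            continue
        if opts.get("forcecommand", "").split()[:1] != ["internal-sftp"]:
            findings.append(f"Match {crit}: SFTP not forced (ForceCommand internal-sftp missing)")
    return findings
```

Run `audit()` on the text of /etc/ssh/sshd_config and `chroot_path_problems()` on the ChrootDirectory value before restarting sshd; an empty list from both means these checks passed.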