Downloading with SSH
So I was able to successfully install CyberDuck on my MacBook and configure it with my VPS using SSH Authentication Keys and a Passphrase on my Private Key.
It seems to be working well, and I feel like I can trust it when uploading files to my VPS. But what about downloading? This may sound dumb, but I am not entirely sure how to securely download things (e.g. Server Backups) from my VPS to my MacBook using CyberDuck... :confused: Sincerely, Rob |
I've not used CyberDuck but a quick look at the web site confirms my thoughts -- you drag and drop in the same way as uploading.
|
Quote:
How can I get better reassurance that I will NOT be sending a backup file of my VPS - and user data in my database - blindly across the open Internet?? Is there any thing I can look for visually? Any way to tell if something is broken and not sending things over SSH? Or is there a better way to get backups off my VPS and to a remote computer/disk like my laptop? Sincerely, Rob |
Quote:
|
the connection is the same, so either both upload and download are safe or none of them.
|
Quote:
Quote:
Computer stuff breaks all of the time, and the longer you work with technology the more nervous it should make anyone! Quote:
I have a VPN service - which is turning out to be a piece of crap! It is VERY common for me to think I am logged into my VPN, but the SSL tunnel was broken because of a microsecond hickup in my free wi-fi connection at the library or McDonalds. So, I might be at the library doing something that requires privacy and security, and think that my VPN is covering me, when it turns out that I have been surfing the Internet for over an hour over an HTTP connection using Free Wi-Fi!!! ----- When I dragged my test backup tar from my VPS last night, it appeared that CyberDuck was on and working, but the whole "drag and drop thing" isn't really scientific!!! I guess I would feel more secure if I had to go into CyberDuck, navigate to my VPS, select the tar I want to transfer, and then click some button. That way I would know CyberDuck is working. In the end, I am just trying to be REALLY CAREFUL until I master all of this new stuff, because I would feel horrible if I did something negligent and exposed a database with 10,000 people's customer data all because I didn't know how to safely download backups off of my VPS!!! Sincerely, Rob P.S. This is where astrogeek would again probably encourage me to skip the GUI and do all of this via command-line. Probably not a bad idea, but it will take me time to learn, and in the mean-time, I am hoping that CyberDuck is an okay GUI alternative! |
TBH, download and uploading in ssh is cli is almost too easy.
You use scp or Secure CoPy. Code:
scp hostname:file directory/ Much of your fear makes sense, especially with so much being broken into or revealed as insecure. OpenSSH (ssh) however has proved robust. Even the nsa has limited success with breaking it (you can use insecure stuff in ssh, so I wouldn't consider that a big suprise) Fact is, the more layers above something you place, the more chance you have of it being cracked at some point. By using the cli, you're pretty using the secure program, and nothing else. However, to alleviate your fears, rather then being worried all the time I would suggest looking into how ssh works (the details) and decide for yourself if there is anything that could of flawed. Quote:
|
Quote:
Quote:
If things are that simple, then what would stop me from copying something nefarious onto your computer?! Quote:
I have seen too many times where people said, "Don't worry, it'll be okay" and they got nailed! Since I am a newbie to all of this, I am trying to respect it - which ultimately would lead anyone to be a little fearful! Quote:
Quote:
Quote:
My fears include a.) My newbie-ness and ability to easy screw things up, and b.) Suspicion of apps built by others! Quote:
Sincerely, Rob |
Quote:
|
Quote:
Quote:
Rob |
Yes, that's the big difference between tunneling a connection through SSH versus a VPN.
A VPN alters the network settings on your computer so that all traffic goes through the VPN transparently. If the VPN isn't there, it goes through the regular network interface instead. The only way you know which it is is by trying to access a local resource (printer, server, etc.) using a local IP that will fail if you're on the VPN (or a remote IP that will fail if you're not on the VPN), or checking something like whatismyip.net to see where your traffic is originating from. An SSH tunnel does not route all traffic through itself. It doesn't route ANY traffic through itself. Any connection that you want to pass through the SSH tunnel, rather than through the normal web, has to be explicitly set up to do so. This means that no traffic will go through the SSH tunnel unless you tell it to, and if you DO tell it to go through an SSH tunnel that is not active, it will fail. |
Quote:
ssh connecting or transmitting through plain-text would be against the foundation of it's design. It was designed to replace telnet which does transmit in plain-text. |
Quote:
Guess I just have to trust that I implemented what you guys taught me correctly and that it is working as it should. If you hear in the news... "Local Michigan man goes to jail over data breach!!' then you know I screwed something up!! ;) Thanks, Rob |
If you're worried about it, don't use a drag and drop GUI. Do it from the command line where you're made aware of everything that happens.
|
Quote:
So what about my earlier question about how SCP works? When I SFTP something from my MacBook to my VPS, I have to enter my VPS's username plus my Private Key's Passphrase. In the example your SCP, all that was included was the target host, the file being sent over, and and a destination... Code:
scp hostname:file directory/ Is the reason that nothing else was needed is because SCP runs over SSH? (And if so, in my case, then I guess the whole SSH Key Authentication thing has to work, right?) Please educate me on this other method... :) Thanks, Rob |
All times are GMT -5. The time now is 12:35 AM. |