LinuxQuestions.org
Old 02-24-2015, 12:29 PM   #1
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Rep: Reputation: Disabled
Downloading with SSH


So I was able to successfully install CyberDuck on my MacBook and configure it with my VPS using SSH Authentication Keys and a Passphrase on my Private Key.

It seems to be working well, and I feel like I can trust it when uploading files to my VPS.

But what about downloading?

This may sound dumb, but I am not entirely sure how to securely download things (e.g. Server Backups) from my VPS to my MacBook using CyberDuck...

Sincerely,


Rob
 
Old 02-24-2015, 02:20 PM   #2
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,004

Rep: Reputation: 1620
I've not used CyberDuck but a quick look at the web site confirms my thoughts -- you drag and drop in the same way as uploading.
 
Old 02-24-2015, 02:35 PM   #3
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by 273 View Post
I've not used CyberDuck but a quick look at the web site confirms my thoughts -- you drag and drop in the same way as uploading.
That is what I assumed, but it just makes me feel so uneasy...

How can I get better reassurance that I will NOT be sending a backup file of my VPS - and user data in my database - blindly across the open Internet??

Is there anything I can look for visually?

Any way to tell if something is broken and not sending things over SSH?

Or is there a better way to get backups off my VPS and to a remote computer/disk like my laptop?

Sincerely,


Rob
 
Old 02-24-2015, 02:37 PM   #4
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,004

Rep: Reputation: 1620
Quote:
Originally Posted by RobInRockCity View Post
That is what I assumed, but it just makes me feel so uneasy...

How can I get better reassurance that I will NOT be sending a backup file of my VPS - and user data in my database - blindly across the open Internet??

Is there anything I can look for visually?

Any way to tell if something is broken and not sending things over SSH?

Or is there a better way to get backups off my VPS and to a remote computer/disk like my laptop?

Sincerely,


Rob
If the encryption of SSH broke, then the file would not transfer. I don't understand where your anxiety comes from, why would things suddenly be connected without encryption?
 
Old 02-24-2015, 02:41 PM   #5
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 8,104

Rep: Reputation: 2267
The connection is the same, so either both upload and download are safe or neither of them.
 
Old 02-24-2015, 03:00 PM   #6
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by 273 View Post
If the encryption of SSH broke, then the file would not transfer.
Okay.


Quote:
Originally Posted by 273 View Post
I don't understand where your anxiety comes from,
Because every time you hear about a data breach in the news it is because people were not anxious enough like I am!!

Computer stuff breaks all of the time, and the longer you work with technology the more nervous it should make anyone!


Quote:
Originally Posted by 273 View Post
why would things suddenly be connected without encryption?
Here is a real-world example...

I have a VPN service - which is turning out to be a piece of crap!

It is VERY common for me to think I am logged into my VPN, but the SSL tunnel was broken because of a microsecond hiccup in my free wi-fi connection at the library or McDonalds.

So, I might be at the library doing something that requires privacy and security, and think that my VPN is covering me, when it turns out that I have been surfing the Internet for over an hour over an HTTP connection using Free Wi-Fi!!!


-----
When I dragged my test backup tar from my VPS last night, it appeared that CyberDuck was on and working, but the whole "drag and drop thing" isn't really scientific!!!

I guess I would feel more secure if I had to go into CyberDuck, navigate to my VPS, select the tar I want to transfer, and then click some button. That way I would know CyberDuck is working.

In the end, I am just trying to be REALLY CAREFUL until I master all of this new stuff, because I would feel horrible if I did something negligent and exposed a database with 10,000 people's customer data all because I didn't know how to safely download backups off of my VPS!!!

Sincerely,


Rob

P.S. This is where astrogeek would again probably encourage me to skip the GUI and do all of this via command-line. Probably not a bad idea, but it will take me time to learn, and in the meantime, I am hoping that CyberDuck is an okay GUI alternative!

Last edited by RobInRockCity; 02-24-2015 at 03:05 PM.
 
Old 02-24-2015, 03:27 PM   #7
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106
TBH, downloading and uploading over ssh in the cli is almost too easy.

You use scp or Secure CoPy.

Code:
scp hostname:file directory/
will copy file from hostname to directory/

Much of your fear makes sense, especially with so much being broken into or revealed as insecure.
OpenSSH (ssh) however has proved robust. Even the NSA has limited success with breaking it (you can use insecure stuff in ssh, so I wouldn't consider that a big surprise)

Fact is, the more layers above something you place, the more chance you have of it being cracked at some point.
By using the cli, you're pretty much using the secure program, and nothing else.

However, to alleviate your fears, rather than being worried all the time I would suggest looking into how ssh works (the details) and decide for yourself if there is anything that could be flawed.

Quote:
encourage me to skip the GUI and do all of this via command-line. Probably not a bad idea, but it will take me time to learn, and in the mean-time, I am hoping that CyberDuck is an okay GUI alternative!
If you're OK with it and it does the job, then it's an OK alternative.
 
Old 02-24-2015, 03:41 PM   #8
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Miati View Post
TBH, downloading and uploading over ssh in the cli is almost too easy.
I was wondering when you and astrogeek would come out again!!


Quote:
Originally Posted by Miati View Post
You use scp or Secure CoPy.

Code:
scp hostname:file directory/
will copy file from hostname to directory/
What about a Username and Password???

If things are that simple, then what would stop me from copying something nefarious onto your computer?!


Quote:
Originally Posted by Miati View Post
Much of your fear makes sense, especially with so much being broken into or revealed as insecure.
I am not one to live by "blind faith" when it comes to security.

I have seen too many times where people said, "Don't worry, it'll be okay" and they got nailed!

Since I am a newbie to all of this, I am trying to respect it - which ultimately would lead anyone to be a little fearful!


Quote:
Originally Posted by Miati View Post
OpenSSH (ssh) however has proved robust. Even the NSA has limited success with breaking it (you can use insecure stuff in ssh, so I wouldn't consider that a big surprise)
I trust SSH.


Quote:
Originally Posted by Miati View Post
Fact is, the more layers above something you place, the more chance you have of it being cracked at some point.
By using the cli, you're pretty much using the secure program, and nothing else.
A good reminder...


Quote:
Originally Posted by Miati View Post
However, to alleviate your fears, rather than being worried all the time I would suggest looking into how ssh works (the details) and decide for yourself if there is anything that could be flawed.
Again, I am sold on SSH.

My fears include a.) My newbie-ness and ability to easily screw things up, and b.) Suspicion of apps built by others!


Quote:
Originally Posted by Miati View Post
If you're OK with it and it does the job, then it's an OK alternative.
I'm okay with CyberDuck if I am using it correctly to download backups off of my VPS, and if I had a little more reassurance that I would get some sort of an error or warning if I was ever transmitting a file in plain-text. (My stupid VPN service sure doesn't offer that!!!)

Sincerely,


Rob
 
Old 02-24-2015, 04:10 PM   #9
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947
Quote:
Originally Posted by RobInRockCity View Post
What about a Username and Password???

If things are that simple, then what would stop me from copying something nefarious onto your computer?!
You already said you set up ssh keys, didn't you? If you did, then it will just work. If you didn't, or if the keys aren't valid (wrong computer, etc.), then it would prompt you for a password as soon as you tried to establish the connection.
 
Old 02-24-2015, 05:52 PM   #10
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by suicidaleggroll View Post
You already said you set up ssh keys, didn't you?
Correct


Quote:
Originally Posted by suicidaleggroll View Post
If you did, then it will just work.

If you didn't, or if the keys aren't valid (wrong computer, etc.), then it would prompt you for a password as soon as you tried to establish the connection.
So if the connection ever "dropped" then I would get some sort of an error versus the transfer going through in plain-text, right?


Rob
 
Old 02-24-2015, 06:03 PM   #11
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947
Yes, that's the big difference between tunneling a connection through SSH versus a VPN.

A VPN alters the network settings on your computer so that all traffic goes through the VPN transparently. If the VPN isn't there, it goes through the regular network interface instead. The only way you know which it is is by trying to access a local resource (printer, server, etc.) using a local IP that will fail if you're on the VPN (or a remote IP that will fail if you're not on the VPN), or checking something like whatismyip.net to see where your traffic is originating from.

An SSH tunnel does not route all traffic through itself. It doesn't route ANY traffic through itself. Any connection that you want to pass through the SSH tunnel, rather than through the normal web, has to be explicitly set up to do so. This means that no traffic will go through the SSH tunnel unless you tell it to, and if you DO tell it to go through an SSH tunnel that is not active, it will fail.
 
Old 02-24-2015, 06:13 PM   #12
Miati
Member
 
Registered: Dec 2014
Distribution: Linux Mint 17.*
Posts: 326

Rep: Reputation: 106
Quote:
SSH Authentication Keys and a Passphrase on my Private Key.
What about a Username and Password???
So if the connection ever "dropped" then I would get some sort of an error versus the transfer going through in plain-text, right?
Read through this to gain an understanding of the handshake of ssh.

ssh connecting or transmitting through plain-text would be against the foundation of its design. It was designed to replace telnet, which does transmit in plain-text.

Last edited by Miati; 02-24-2015 at 06:14 PM.
 
1 members found this post helpful.
Old 02-24-2015, 06:13 PM   #13
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by suicidaleggroll View Post
Yes, that's the big difference between tunneling a connection through SSH versus a VPN.

A VPN alters the network settings on your computer so that all traffic goes through the VPN transparently. If the VPN isn't there, it goes through the regular network interface instead. The only way you know which it is is by trying to access a local resource (printer, server, etc.) using a local IP that will fail if you're on the VPN (or a remote IP that will fail if you're not on the VPN), or checking something like whatismyip.net to see where your traffic is originating from.

An SSH tunnel does not route all traffic through itself. It doesn't route ANY traffic through itself. Any connection that you want to pass through the SSH tunnel, rather than through the normal web, has to be explicitly set up to do so. This means that no traffic will go through the SSH tunnel unless you tell it to, and if you DO tell it to go through an SSH tunnel that is not active, it will fail.
Okay, thanks for the clarification.

Guess I just have to trust that I implemented what you guys taught me correctly and that it is working as it should.


If you hear in the news... "Local Michigan man goes to jail over data breach!!" then you know I screwed something up!!

Thanks,


Rob
 
Old 02-24-2015, 06:14 PM   #14
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Rep: Reputation: 1947
If you're worried about it, don't use a drag and drop GUI. Do it from the command line where you're made aware of everything that happens.
 
Old 02-24-2015, 06:24 PM   #15
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Miati View Post
Read through this to gain an understanding of the handshake of ssh.

ssh connecting or transmitting through plain-text would be against the foundation of its design. It was designed to replace telnet, which does transmit in plain-text.
I looked at that - kinda stuffy! :P

So what about my earlier question about how SCP works?

When I SFTP something from my MacBook to my VPS, I have to enter my VPS's username plus my Private Key's Passphrase.

In your SCP example, all that was included was the target host, the file being sent over, and a destination...

Code:
scp hostname:file directory/

Is the reason that nothing else was needed because SCP runs over SSH? (And if so, in my case, then I guess the whole SSH Key Authentication thing has to work, right?)

Please educate me on this other method...

Thanks,


Rob
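
Added example (not part of any post in this thread): the scp download discussed above, with the login name and key given explicitly, password fallback and unknown host keys refused, and the local copy checked against a SHA-256 computed on the server. KEY, the user@host argument and the file paths are placeholders, and the server is assumed to have sha256sum.

```sh
#!/bin/sh
# Added example: download a backup over SSH and prove the local copy matches.
# KEY and the user@host / paths passed in are placeholders (assumptions).
KEY="${KEY:-$HOME/.ssh/id_rsa}"

# Make ssh/scp fail instead of degrading:
#   PreferredAuthentications=publickey  key login only, no password fallback
#   StrictHostKeyChecking=yes           refuse unknown or changed host keys
#   IdentitiesOnly=yes                  offer only the key given with -i
SSH_OPTS="-o PreferredAuthentications=publickey -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes"

sha256_of() {    # print the SHA-256 of a local file
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'      # Linux
    else
        shasum -a 256 "$1" | awk '{print $1}'  # macOS
    fi
}

verify_download() {    # $1 = hash computed on the server, $2 = local file
    [ -f "$2" ] || { echo "missing: $2" >&2; return 2; }
    if [ "$(sha256_of "$2")" = "$1" ]; then
        echo "OK: $2"
        return 0
    fi
    echo "MISMATCH: $2" >&2
    return 1
}

fetch_backup() {    # $1 = user@host, $2 = remote file, $3 = local directory
    # Hash the file on the server first; this runs over the same SSH channel.
    remote_hash=$(ssh -i "$KEY" $SSH_OPTS "$1" "sha256sum '$2'" | awk '{print $1}')
    [ -n "$remote_hash" ] || { echo "could not hash remote file" >&2; return 3; }
    # scp is a client for ssh: if the SSH session cannot be set up, nothing is copied.
    scp -i "$KEY" $SSH_OPTS "$1:$2" "$3/" || return 4
    verify_download "$remote_hash" "$3/$(basename "$2")"
}

# Run only when called as: script user@host /remote/file local_dir
if [ "$#" -eq 3 ]; then
    fetch_backup "$@"
fi
```

The server's host key must already be in ~/.ssh/known_hosts, otherwise StrictHostKeyChecking=yes stops the connection before anything is sent. A passphrase-protected key will still prompt for its passphrase unless ssh-agent already holds it.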
 
  

