greetings,

i am trying to connect box A to box B. Following, is a little schema of what I have:

Box A: slackware 14.1 on network W (work location)
Box B: slackware 14 current on network H (home location)

So far, i tend to send the files (I think) i need via email or just pass them on a usb stick and then do the rest home; often i find that i need more files (or have forgotten something) and I have to either go back to the office or wait for the next day.

I read about 'Remmina Remote Desktop Connection ' and it seems a feature rich package but then, since i'm not a network savvy, i thought that KRDC should do/be enough for what i need: just connect to my work pc/desktop so that i can grab some files and work from home.

I have been trying to learn this for years and it has never been easy. Recently, i tried to give it another go and was reading/following this thread https://www.linuxquestions.org/quest...ks-4175544739/ but then realized how old it was and couldnt find a more recent (solved) similar topic.

I just dont seem to grasp the whole concept of client/server, port forwarding, port triggering, port filtering, desktop sharing, IP port, pc port, etc.

Is there a linux networking for dummies tutorial somewhere? Is the help and setting mentioned in the thread above still valid today?

Regards,

p.s.: the main question would be, why would anyone take their work home? I guess, it is more of a personal challenge now (since I have been coping with it for many years)

If you can reach both of them from the outside, you can use SFTP. An SFTP server is built into the OpenSSH-server package. For transfer, use your file manager: https://youtu.be/9S4DV1PluzA

If you can't reach both from the outside, but can still reach one from the other, then you'll have to have a reverse tunnel set up in SSH first.

If you can't reach either one then it is still possible but will either be more work or cost a little or both.

I can't (as mentioned) but i'm sure other could. (by the way, assuming that i knew how, would gFTP work the same?)

I would love to get it done, but since it's not of any urgency and mostly just personal learning, i was wondering if anyone could point me to a good linux networking book/tutorial.

I guess i will still manage to get my work home the 'old fashion way' and maybe once/if i learn the long and still complex process i will try to do it 'the savvy-way.

Of course, suggestions about the connections are welcome.

Regards

Networking is rather a broad topic and you'd dig for months before being able to craft a file access method. I'd recommend just aiming for file access and picking up the knowledge for that as a start.

On your home computer does the outside address that your router reports match the one seen on the outside by http://canyouseeme.org/ or similar services? If so, then you can do port forwarding to your home computer and the still use SFTP to reach it and, via a reverse tunnel, the one at work too.

Does your work know you would be connecting one of their servers to your home PC/server? Something to consider. If there is no issue with this, I suspect it would be easier to open your home firewall and set up an sftp server, or simply ssh and connect from your work server/pc to your home server/pc. If connected via ssh, you could use rsync for file copies.

I would say years, since i would experiment in my free time.
This is actually a good tip i didnt consider.


YES
I might be able to follow up to "port forwarding" however, reverse tunnel? I guess, it's something i have to do on the other computer but... what exactly is it? and how would i do it?

Thanks

p.s.: could the outside address that my router reports have been different? how? and why? and any differences?

Ok since the router's reported outside address and the one actually observed from the outside mean that you can do port forwarding and use SFTP to reach your home computer. It also means that, later, technically you can set up a reverse tunnel and go the opposite direction, too. But first with the basic SFTP.

1. Set up OpenSSH-server on your home computer and verify that you can log in via the home LAN from another computer
2. Set up key-based authentication and then after having verified that turn off password authentication for SSH
3. Set up port forwarding and verify that you can log in via the ever-changing outside address
4. Sign up for a Dynamic DNS account and enter that info into your router or home computer

Once you can connect with SSH, you get SFTP as part of the deal. And there are a wide range of SFTP clients, incluing your distro's own file manager.

The Dynamic DNS account is necessary to map a static host name to your outside address if you get your IP address via DHCP. It works by running a client from your LAN which phones home and updates the DNS entry for your host name to match the one in use at the moment by your router. The alternative is to look up your router's external number every day before leaving and then use that when connecting back to home.

The outside address could be different if there are several layers of NAT between your home and the Internet. See Carrier Grade NAT. NAT is an unfortunate hack often needed to share more computers across a smaller number of IPv4 addresses.

Ok. Now there are a bunch of terms to look up.

before i try anything, I forgot to post before that I tried to gFTP my home pc (since i am at work now) and an authentication window popped up asking for username for the site (whic h obviously i don't know/have).

As you have posted networking between two computers requires all that client/server, port forwarding, IP addresses kind of stuff.

It depends on your companies network firewall and security policies. Have you talked to your IT person? I assume you have no control over your companies firewall so direct access to your work computer from home is not possible unless there is a VPN or you can setup a reverse ssh tunnel.

If you can ping your home's WAN IP address there is a good chance you can setup a reverse tunnel or be able to access your home computer remotely.

FTP is not the same as SFTP despite the similarities in names. FTP should be avoided. It is insecure and very difficult to set up. SFTP is quite secure and rather easy to set up.

About being sure of connecting to the right machine, SSH (and thus SFTP) will print the server's (your home PC's) fingerprint when you first connect so you can verify that you are connecting to the right one. Search about verifying SSH host keys for more info.

it's my own business. NO special IT permission needed ))

about to go home shortly and foresee some days (and nights) of fun learning.

Thanks for now and will get back soon

ok folks,

back home and excited to read about all those techy/geeky words.

first things first: I realized that slackware current (my home pc, x64), has by default, disabled the ssh login; so i was learning how to fix this from this thread https://www.linuxquestions.org/quest...sh-4175593478/ which of course pointed to another page and, I happily landed here http://docs.slackware.com/howtos:security:sshkeys


So, apparently, this is a very secure way to allow ssh logins, however when i looked at sshd.config every line is commented out (#) except these:
is it normal?

nevertheless, following the info on the slackware/howtos page, I created the key pair and tomorrow I will copy the public key on my work computer and keep the private key on my home box (if i understand right this is the way to avoid unwanted fingers to dig where they are not allowed, for example if, lets say, one of my employees knows how to use ssh and the console - not an IT company so i doubt any of them can).

I remember that before leaving work today, I tried to connect to ssh server on my work pc (slackware14.1, x32 - so i guess it wasn't disabled by default) with and when i was asked for a passphrase I entered my root login password and it worked.

Am i missing something so far? or making a big salad in my head?

You're on the right track. There's not a dot in the configuration file name, it's /etc/ssh/sshd_config and other names will be ignored. That said, PermitRootLogin needs to be set to something other than 'yes'

It's strongly recommended to turn off remote root access:

or else if you absolutely can't figure out a proper workflow to avoid it, use this for keys only

As far as the keys go, the private key stays on the machine you are connecting from and the public key goes into ~/.ssh/authorized_keys on the destination machine. As you see, that location can be changed in sshd_config but it's not a good idea to change from the defaults without strong reasons.

I'd make sure the keys work over the LAN first, from a second machine, and then double check to be sure that remote root access is turned off. Then test against the external IP address if you can.

WOW! i can't believe it was that simple. I guess, networking over linux has improved a lot in the last 10yrs or I havent tried hard enough in the past. or maybe it's just the beginning!

Ok so, after creating the key pair on my home pc (slack current x64) I opened another laptop (box C, also running slackware current) but apparently ssh was not disabled by default as i learned in my home pc; in fact on box C i ran (own inet) and voila! i was connected to ssh server.

Nevertheless, without having to copy the public key from box B to box C as suggested here http://docs.slackware.com/howtos:security:sshkeys the two computers started loving each other and I can ssh each other back and forth.

Besides the technicality (anomaly) of this happy finding, how do i connect now to box A remotely (work pc, which i left on with the purpose of night testing)?

Regards,

just to recap and to avoid scrolling down to beginning:
box A: work computer on slackware14.1 32bit
box B: home desktop on slackware current, 64bit
box C: home laptop on slackware current, 64bit

Excellent. From about 20 years ago I remember reminding people that it is not necessarily easy but if it is hard something has gone wrong.

That guide is soooo close and could be very easily polished to be great by upgrading the key type, renaming the key file, and using a comment:

1. ssh-keygen -f ~/.ssh/box-a.ed25519 -C "from box C" -t ed25519
2. ssh-copy-id -i ~/.ssh/box-a.ed25519 you@192.168.0.xxx
3. ssh-add -i ~/.ssh/box-a.ed25519
4. ssh -i ~/.ssh/box-a.ed25519 you@192.168.0.xxx

1) generate an Ed25519 key and give a name to help remember its purpose, add a comment
2) transfer the public key to the destination box A
3) load the private key in to the agent
4) use the private key (in the agent) to connect

Then if you are able to connect using the key, you can turn off the password authentication on the SSH server in its sshd_config:

Then reload the SSH service.

The remote part, comes in with the port forwarding. Assuming the keys work as above, and assuming you have port 22 forwarded from your router to Box A, "just" SSH to the router's external IP address:

1 members found this post helpful.