apache and uploading
Hi. I have apache running on my computer. I made a web page, and I can look at it from another computer. I haven't bought an ip address yet, so I have a dynamic address from my isp. But I can get to the webpage.
My friend in Germany wants to send me some music CDs. He makes mixtures of many different kinds of music. They are good. Question: If we are both online at the same time, and I give him my (dynamic) ip could he just upload the CDs straight to my computer? Would save time and postage! Maybe I need to tweak apache to accept upload or something?? |
Don't overcomplicate things... and yes if you give him your public dynamic IP then he can upload. However, be aware that if you're behind a router you'll need to configure port forwarding for SSH (port 22 by default).
KISS - set up an SSH server and create a user login for your friend. Instruct your friend to use FileZilla. When they choose the protocol tell them SFTP. He will then be able to transfer files to your computer with no problems. I also recommend that you stop the ssh server when not in use and disable your router forwarding port 22 because it is a common attack vector for networks. I'd recommend a firewall for just your friend to access but that's a more serious security discussion than you're likely looking for. |
Thanks. How do I configure port forwarding? I've actually heard of that, but I don't know what it is. Will I need that if I set up the ssh server??
|
I'll try to simplify the networking concepts so that they're easy for quick understanding.
Compare your private IP with your public IP. Open a terminal and type the following command.
Code:
ifconfig
Are the IP addresses different? If not then you're likely not behind a router and you don't need to port forward. If they are different then that means you're using a router with Network Address Translation (NAT). It also means that public computers can only talk to your router but not directly to your computer.
A quick overview of port forwarding. Here's a small diagram. Let's say Pedroski@home is your personal computer.
Code:
#key
Code:
Pedroski@home <=> router <=> yourfriend@germany
So in a nutshell, when you port forward port 22 on your router it has only one job: it is passing packets from the internet directly to your machine unaltered in that single port. Some routers can port forward whole ranges (range being more than one port). But for you to file share with your friend you only need to port forward 22 if you keep the default settings for the OpenSSH server. That is why your private IP address is called private because internet computers can't connect to it without certain configurations being set up first if you're behind a router using NAT (which all consumer routers do by default).
How to set up port forwarding. It depends on the router you're using but luckily Google exists. Google "howto portforward <brand name router>" and usually someone will have written about it. In general, routers list port forwarding under a menu called "Advanced" in the configuration page and sometimes under a menu called "Virtual Servers". It depends on the brand of router you're using to connect to the internet.
SAM |
Ok, thanks a lot. The ip address from ifconfig and the ifconfig.me page are identical. I plug into a dsl router at home. But I don't seem to have different ip addresses.
So I won't need to enable port forwarding? It's the weekend here now. I'll get the ssh installed and try it. One problem I see is: I'm pretty sure my friend uses Windows. I use Ubuntu or Fedora. Will they be compatible?? |
Hi again: could you tell me how and where to set the password for FileZilla? I've been using Linux a long time now, so I've become security conscious. I read the FileZilla page, but I can't see anything about how to give someone a username/password.
Also, FileZilla says if I set SFTP, I can use a public key. I read this from Ubuntu set up ssh page:
SSH Keys
SSH keys allow authentication between two hosts without the need of a password. SSH key authentication uses two keys, a private key and a public key.
To generate the keys, from a terminal prompt enter:
ssh-keygen -t dsa
This will generate the keys using a DSA authentication identity of the user. During the process you will be prompted for a password. Simply hit Enter when prompted to create the key.
By default the public key is saved in the file ~/.ssh/id_dsa.pub, while ~/.ssh/id_dsa is the private key. Now copy the id_dsa.pub file to the remote host and append it to ~/.ssh/authorized_keys by entering:
ssh-copy-id username@remotehost
Finally, double check the permissions on the authorized_keys file, only the authenticated user should have read and write permissions. If the permissions are not correct change them by:
chmod 600 .ssh/authorized_keys
You should now be able to SSH to the host without being prompted for a password.
copy the id_dsa.pub file to the remote host and append it to ~/.ssh/authorized_keys by entering:
ssh-copy-id username@remotehost
Will this work when the remote host is a Windows machine??
FileZilla also says, I can use ssh, then make sure SSH_AUTH_SOCK is set. How would I set this variable?? |
I'll try to break it down for you as best I can.
Code:
useradd testuser
Just create a system user and set the password for that user. Then try logging in using SFTP over port 22 to that public IP using the same user and password you created. That should be it. |
Thanks!
So I could log in to my computer using FileZilla from say work, just using my normal Ubuntu log in and password? Did I get that right? I followed the instructions on the OpenSSH webpage, and tested the server via localhost as per the webpage. It was successful. I didn't generate the public keys, as I won't do this often, and I would prefer to just log in via username and password. I don't have any state secrets to hide!! (Have to say that in case the Chinese Secret Police are reading this!!)
One more question, if you don't mind: Ubuntu comes with a folder Public. That is the only one I need my friend to access. I made it read write for anyone. How do I make everything else "invisible" from the outside? Or am I looking at this wrongly? If I, or my friend, using my username/password, log on from another computer, it is me, so nothing needs to be hidden, right? I am not making a public FTP server. |
Here's a tutorial. One thing to note is you can't really have what you ask (locking the user into your own home directory). This is because of the security setup for a chroot environment which requires all directories in the chroot home to be owned by the root user. That would mean you would have to own your home directory by root which means you can no longer write to your own home! If you don't want to mess with the whole Chroot Jail stuff because it becomes a mess then you can simply do the following...
Code:
#add user and set their shell to nothing so they can't ssh.
Code:
Match Group sftponly
Code:
# Authentication:
SAM |
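What an SFTP-only `Match Group sftponly` block restricts, and what only `ChrootDirectory` hides, shown as an added example that is not part of the original thread or SAM's own configuration. The directive set checked, the `/srv/sftp` path and both sample configurations are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The group name "sftponly" comes from the thread; both sample
# configurations below are constructed for illustration.

# Read an sshd_config on stdin and print what the "Match Group <group>" block
# lacks. Assumes a single-criterion Match line. Prints nothing when complete.
audit_sftp_group() {
    awk -v grp="$1" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        tolower($1) == "match" {                 # each Match line starts a new block
            inblk = (NF == 3 && tolower($2) == "group" && $3 == grp)
            if (inblk) found = 1
            next
        }
        !inblk { next }
        { key = tolower($1); val = tolower($2) }
        key == "forcecommand" && val == "internal-sftp" { force = 1 }  # no shell
        key == "chrootdirectory" && val != "none"       { jail = 1 }   # hides the rest of the disk
        key == "allowtcpforwarding" && val == "no"      { notcp = 1 }
        key == "x11forwarding" && val == "no"           { nox11 = 1 }
        END {
            if (!found) { print "missing: Match Group " grp; exit }
            if (!force) print "missing: ForceCommand internal-sftp"
            if (!jail)  print "missing: ChrootDirectory"
            if (!notcp) print "missing: AllowTcpForwarding no"
            if (!nox11) print "missing: X11Forwarding no"
        }'
}

sample_weak() {       # SFTP is forced, but every readable directory stays browsable
cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftponly
    ForceCommand internal-sftp
    X11Forwarding no
EOF
}

sample_hardened() {   # jailed; /srv/sftp is a placeholder and must be root-owned
cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
Match User backup
    ForceCommand /usr/local/bin/backup-only
EOF
}

sample_weak | audit_sftp_group sftponly
```

To audit a live server, run `audit_sftp_group sftponly < /etc/ssh/sshd_config` after sourcing the function.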
Wow, that's great, thanks a lot!
|