LinuxQuestions.org
Old 11-01-2012, 10:25 PM   #1
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 1,944

Rep: Reputation: 70
apache and uploading


Hi. I have apache running on my computer. I made a web page, and I can look at it from another computer. I haven't bought an ip address yet, so I have a dynamic address from my isp. But I can get to the webpage.

My friend in Germany wants to send me some music CDs. He makes mixtures of many different kinds of music. They are good.

Question: If we are both online at the same time, and I give him my (dynamic) ip could he just upload the CDs straight to my computer? Would save time and postage!

Maybe I need to tweak apache to accept upload or something??
 
Old 11-02-2012, 12:59 AM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,861
Blog Entries: 36

Rep: Reputation: 459
Don't overcomplicate things... and yes, if you give him your public dynamic IP then he can upload. However, be aware that if you're behind a router you'll need to configure port forwarding for SSH (port 22 by default).

KISS - set up an SSH server and create a user login for your friend.

Instruct your friend to use FileZilla. When they choose the protocol tell them SFTP. He will then be able to transfer files to your computer with no problems.

I also recommend that you stop the ssh server when not in use and disable your router forwarding port 22 because it is a common attack vector for networks. I'd recommend a firewall for just your friend to access but that's a more serious security discussion than you're likely looking for.

Last edited by sag47; 11-02-2012 at 01:09 AM.
 
Old 11-02-2012, 01:42 AM   #3
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 1,944

Original Poster
Rep: Reputation: 70
Thanks. How do I configure port forwarding? I've actually heard of that, but I don't know what it is. Will I need that if I set up the ssh server??
 
Old 11-02-2012, 12:14 PM   #4
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,861
Blog Entries: 36

Rep: Reputation: 459
I'll try to simplify the networking concepts so that they're easy for quick understanding.

Compare your private IP with your public IP.

Open a terminal and type the following command.
Code:
ifconfig

Look at your IP address (inet address) listed there. Now visit ifconfig.me in your web browser.

Are the IP addresses different? If not then you're likely not behind a router and you don't need to port forward. If they are different then that means you're using a router with Network Address Translation (NAT). It also means that public computers can only talk to your router but not directly to your computer.

A quick overview of port forwarding.

Here's a small diagram. Let's say Pedroski@home is your personal computer.

Code:
#key
#=> means that this computer can talk to other computers on the internet but they can't talk back to it.
#<=> means this computer and internet computers have two way communication.

Pedroski@home => router <=> yourfriend@germany

Now let's enable port forwarding. Here's what your new diagram will look like.

Code:
Pedroski@home <=> router <=> yourfriend@germany

In TCP/IP networking there are 65,535 ports. There is a set of standard recognised ports on which certain services are expected to be listening. However, standard does not mean requirement, so you can run a service on any port that you like if you don't care about standards. For instance, the standard port for SSH is port 22 but you could easily run it on a non-standard port such as 2222 or 65000. Note: Some internet service providers (ISP) block ports above 1000 (the bad customer service ISPs do).

So in a nutshell, when you port forward port 22 on your router it has only one job: it is passing packets from the internet directly to your machine unaltered in that single port. Some routers can port forward whole ranges (range being more than one port). But for you to file share with your friend you only need to port forward 22 if you keep the default settings for the OpenSSH server.

That is why your private IP address is called private because internet computers can't connect to it without certain configurations being set up first if you're behind a router using NAT (which all consumer routers do by default).

How to set up port forwarding.
It depends on the router you're using, but luckily Google exists. Google "howto portforward <brand name router>" and usually someone will have written about it.

In general, routers list port forwarding under a menu called "Advanced" in the configuration page and sometimes under a menu called "Virtual Servers". It depends on the brand of router you're using to connect to the internet.

SAM

Last edited by sag47; 11-02-2012 at 12:19 PM.
 
Old 11-02-2012, 07:16 PM   #5
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 1,944

Original Poster
Rep: Reputation: 70
Ok, thanks a lot. The ip address from ifconfig and the ifconfig.me page are identical. I plug into a dsl router at home. But I don't seem to have different ip addresses.

So I won't need to enable port forwarding? It's the weekend here now. I'll get the ssh installed and try it.

One problem I see is: I'm pretty sure my friend uses Windows. I use Ubuntu or Fedora. Will they be compatible??
 
Old 11-03-2012, 06:57 PM   #6
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 1,944

Original Poster
Rep: Reputation: 70
Hi again: could you tell me how and where to set the password for FileZilla? I've been using Linux a long time now, so I've become security conscious. I read the FileZilla page, but I can't see anything about how to give someone a username/password.

Also, FileZilla says if I set SFTP, I can use a public key. I read this from Ubuntu set up ssh page:

SSH Keys

SSH keys allow authentication between two hosts without the need of a password. SSH key authentication uses two keys a private key and a public key.

To generate the keys, from a terminal prompt enter:

ssh-keygen -t dsa

This will generate the keys using a DSA authentication identity of the user. During the process you will be prompted for a password. Simply hit Enter when prompted to create the key.

By default the public key is saved in the file ~/.ssh/id_dsa.pub, while ~/.ssh/id_dsa is the private key. Now copy the id_dsa.pub file to the remote host and append it to ~/.ssh/authorized_keys by entering:

ssh-copy-id username@remotehost

Finally, double check the permissions on the authorized_keys file, only the authenticated user should have read and write permissions. If the permissions are not correct change them by:

chmod 600 .ssh/authorized_keys

You should now be able to SSH to the host without being prompted for a password.

copy the id_dsa.pub file to the remote host and append it to ~/.ssh/authorized_keys by entering:

ssh-copy-id username@remotehost

Will this work when the remote host is a Windows machine??

FileZilla also says, I can use ssh, then make sure SSH_AUTH_SOCK is set. How would I set this variable??

Last edited by Pedroski; 11-03-2012 at 07:13 PM.
 
Old 11-04-2012, 10:51 PM   #7
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,861
Blog Entries: 36

Rep: Reputation: 459
I'll try to break it down for you as best I can.

Quote:
Originally Posted by Pedroski
Hi again: could you tell me how and where to set the password for FileZilla? I've been using Linux a long time now, so I've become security conscious. I read the FileZilla page, but I can't see anything about how to give someone a username/password.

SFTP can access a system running SSH. Therefore, you set up a system user which can access SSH. Whatever the system's username and password are will be the user/password used to access SFTP in FileZilla. For example, to create a new user and give them a password, do the following.

Code:
useradd testuser
passwd testuser

In a default Ubuntu install, all local users are able to access the system using SSH unless you customize it away from defaults. So as long as you're using defaults that should be the case. I usually recommend against this if the SSH server is up 24/7 but in your case you should just shut down the ssh server when you're done using it.

Quote:
Originally Posted by Pedroski
Also, FileZilla says if I set SFTP, I can use a public key. I read this from Ubuntu set up ssh page:

SSH Keys

SSH keys allow authentication between two hosts without the need of a password. SSH key authentication uses two keys a private key and a public key.

Documentation exists for how to use PKAuth on Windows. However, I don't think you should bother with it. You're just going to overcomplicate it for your friend because they are the ones who will need to generate the keys, not you.

Just create a system user and set the password for that user. Then try logging in using SFTP over port 22 to that public IP using the same user and password you created.

That should be it.
 
Old 11-05-2012, 07:35 AM   #8
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 1,944

Original Poster
Rep: Reputation: 70
Thanks!

So I could log in to my computer using FileZilla from say work, just using my normal Ubuntu log in and password? Did I get that right? I followed the instructions on the OpenSSH webpage, and tested the server via localhost as per the webpage. It was successful. I didn't generate the public keys, as I won't do this often, and I would prefer to just log in via username and password. I don't have any state secrets to hide!! (Have to say that in case the Chinese Secret Police are reading this!!)

One more question, if you don't mind:

Ubuntu comes with a folder Public. That is the only one I need my friend to access. I made it read write for anyone. How do I make everything else "invisible" from the outside? Or am I looking at this wrongly? If I, or my friend, using my username/password, log on from another computer, it is me, so nothing needs to be hidden, right? I am not making a public FTP server.
 
Old 11-05-2012, 09:52 AM   #9
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Kubuntu x64, Raspbian, CentOS
Posts: 1,861
Blog Entries: 36

Rep: Reputation: 459
Quote:
Originally Posted by Pedroski
One problem I see is: I'm pretty sure my friend uses Windows. I use Ubuntu or Fedora. Will they be compatible??

Yes, they are compatible. The beauty of a protocol is that if two systems can "speak" the protocol then it doesn't matter what they are in terms of the OS.

Quote:
Originally Posted by Pedroski
So I could log in to my computer using FileZilla from say work, just using my normal Ubuntu log in and password? Did I get that right?

In a default Ubuntu install, setting up SSH without customizing it will allow you to log in using any user on your system. In short, yes, your normal login and password will work.

Quote:
Originally Posted by Pedroski
Ubuntu comes with a folder Public. That is the only one I need my friend to access. I made it read write for anyone. How do I make everything else "invisible" from the outside? Or am I looking at this wrongly? If I, or my friend, using my username/password, log on from another computer, it is me, so nothing needs to be hidden, right? I am not making a public FTP server.

For this case you want to chroot jail SSH. A quick Google search for "openssh lock user home" brought me to this quick tidbit. You can customize SSH so that you can force users into a certain directory. I'll modify the instructions a bit and give you a test case.

Here's a tutorial. One thing to note is you can't really have what you ask (locking the user into your own home directory). This is because of the security setup for a chroot environment which requires all directories in the chroot home to be owned by the root user. That would mean you would have to own your home directory by root which means you can no longer write to your own home! If you don't want to mess with the whole Chroot Jail stuff because it becomes a mess then you can simply do the following...

Code:
#add user and set their shell to nothing so they can't ssh.
sudo useradd -s /bin/false testuser
sudo passwd testuser

#create a sftponly group
sudo groupadd sftponly

#add testuser to the sftponly group
sudo usermod -a -G sftponly testuser

#Set your own home directory permissions so your friend can't access your files (pedro is your username)
sudo chmod 700 /home/pedro

Now add the following to the bottom of /etc/ssh/sshd_config and restart the ssh server.

Code:
Match Group sftponly
        ForceCommand internal-sftp
        X11Forwarding no
        AllowTcpForwarding no

Additionally I recommend making the following security changes to your /etc/ssh/sshd_config file.

Code:
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowGroups pedro sftponly

Alternatively, instead of adding pedro to AllowGroups you can create yourself an sshusers group and add the user pedro to it. Then you can simply add the sshusers group to AllowGroups.

SAM
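
The two sshd_config snippets in the post above interact through file order: a Match block runs to the next Match line or the end of the file, so the global authentication settings belong above it. The following is an added example, not code from the thread or from OpenSSH: a small linter for that layout, where the function name check_sshd_config and both sample configs are constructed for illustration and the config is read from stdin.

```shell
# Added example: lint an sshd_config (read from stdin) for the SFTP-only layout
# discussed in this thread. Exit status 0 = layout sound, 1 = findings printed.
check_sshd_config() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                  # skip comments and blank lines
    { key = tolower($1) }
    key == "match" { scope = tolower($2) ":" $3; next } # block lasts to next Match or EOF
    scope == "" { line[key] = $0; val[key] = tolower($2); next }   # global section
    key == "logingracetime" || key == "strictmodes" {   # sshd rejects these inside Match
        printf "line %d: %s must go above the first Match line\n", NR, $1
        bad = 1
    }
    scope == "group:sftponly" { blk[key] = tolower($2) }
    END {
        if (blk["forcecommand"] != "internal-sftp") { print "sftponly: ForceCommand internal-sftp missing"; bad = 1 }
        if (blk["allowtcpforwarding"] != "no") { print "sftponly: AllowTcpForwarding no missing"; bad = 1 }
        if (blk["x11forwarding"] != "no") { print "sftponly: X11Forwarding no missing"; bad = 1 }
        if (val["permitrootlogin"] != "no") { print "global: PermitRootLogin no missing"; bad = 1 }
        if ((" " line["allowgroups"] " ") !~ /[ \t]sftponly[ \t]/) { print "global: AllowGroups does not list sftponly"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: global settings first, Match block last.
GOOD_CONFIG='# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowGroups pedro sftponly

Match Group sftponly
        ForceCommand internal-sftp
        X11Forwarding no
        AllowTcpForwarding no'

# Constructed sample: the same settings pasted below the Match block.
BAD_CONFIG='Match Group sftponly
        ForceCommand internal-sftp
        X11Forwarding no
        AllowTcpForwarding no
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowGroups pedro sftponly'

printf '%s\n' "$GOOD_CONFIG" | check_sshd_config && echo "good layout: OK"
printf '%s\n' "$BAD_CONFIG" | check_sshd_config || echo "bad layout: rejected"
```

On a real system, `sudo sshd -t` performs the authoritative syntax check of /etc/ssh/sshd_config before the server is restarted.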
 
Old 11-05-2012, 05:53 PM   #10
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 1,944

Original Poster
Rep: Reputation: 70
Wow, that's great, thanks a lot!
 
  

