I've got sshd for inefficient local file transfer, largely because I'm too lazy to set up VNC or some remote desktop protocol, and it's dead handy for the lazy or decrepit to be able to issue commands on a remote box.
What are the defaults? All the lines in sshd_config are commented out, but I want to exclude anything not on my home network, and my home router aaa.bbb.ccc.1. How much of that is done by default?
As I understand it, the commented out stuff is the default. If you want to change it, uncomment it and change it. sshd doesn't do host access control anymore, beyond ListenAddress. There was a time it linked in libwrap but no more. If you want to do better access control, run it under x/inetd and use the access control of those and/or libwrap. Other than that, that's always netfilter.
If you're not enabling ssh forwarding in your router then everything outside of your LAN will be excluded. You can also use the AllowUsers directive to limit your user only from your LAN or a specific address.
I don't think using ssh or sftp is being lazy. I rarely use remote desktop.
Slackware links sshd against the tcp wrappers. Add this line in /etc/hosts.deny
Code:
sshd: ALL
If your local net is, for example, 192.168.1.0/24, add this to /etc/hosts.allow
Code:
sshd: 192.168.1. 127.0.0.1
First, Thanks to all the fast & knowledgeable replies. If I condoned smoking in any way, @Petri Kaukasoina would get the cancer stick (Cigar). I'll go with solutions outside of X, because /etc/rc.d/rc.sshd is outside of X.
@business_kid & rest, in slackware-15.0 the 192.168.1. can also be represented as 192.168.0.0/23 using a CIDR mask or 192.168.0.0/255.255.254.0, which will allow the 192.168.0.x & 192.168.1.x range of IP addresses.
HTH, JimL
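Added example, not part of any post in this thread: a simplified Python model of how the hosts.allow / hosts.deny rules posted above are evaluated, so the effect of each pattern can be checked against sample client addresses. It assumes IPv4 address patterns only (no hostnames, EXCEPT, options or line continuations) and takes the CIDR form as the thread reports it for Slackware 15.0; the function names are hypothetical.

```python
import ipaddress

# Constructed sample files mirroring the rules posted in this thread.
HOSTS_ALLOW = "sshd: 192.168.1. 127.0.0.1\n"
HOSTS_DENY = "sshd: ALL\n"


def client_matches(pattern, addr):
    """Match one client pattern against an IPv4 address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "192.168.1." is a plain string-prefix match
        return addr.startswith(pattern)
    if "/" in pattern:             # net/mask, or CIDR as reported in the thread
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr         # literal address


def file_matches(text, daemon, addr):
    """True if any 'daemon_list : client_list' line matches daemon and addr."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # simplified comment handling
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        daemon_list = daemons.replace(",", " ").split()
        client_list = clients.replace(",", " ").split()
        if daemon in daemon_list or "ALL" in daemon_list:
            if any(client_matches(p, addr) for p in client_list):
                return True
    return False


def access_allowed(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts_access(5) order: hosts.allow first, then hosts.deny, else allow."""
    if file_matches(allow, daemon, addr):
        return True
    if file_matches(deny, daemon, addr):
        return False
    return True                    # no rule matched: access is granted


if __name__ == "__main__":
    for ip in ("192.168.1.42", "192.168.0.7", "192.168.10.5", "203.0.113.9"):
        print(ip, access_allowed("sshd", ip))
```

On a real system, the `tcpdmatch` utility shipped with tcp_wrappers performs this check against the installed files.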
Are you using it just for file transfers? None of the options you've mentioned are ideal solutions for that. They'll do it, but there are better ways.
IMO, it'd be quickest & easiest to set up NFS shares if the 'client' boxes are running Linux. If they're not running Linux, then SAMBA is a little more fiddly to set up, but not overly so for a simple file share.
Another quick solution, if just for one-off transfers and the source files are on a Linux host, you could use the HTTP server Python module:
-R puts the sftp-server into read-only mode. Attempts to open files for
writing, as well as other operations that change the state of the filesystem,
will be denied.
PS: I use this to access movie files stored on my PC from my FireTV stick with Kodi + sftp add-on
Last edited by Julius-Caesar; 04-28-2024 at 07:53 AM.
I evidently expressed myself poorly. Security isn't really a life or death issue. I'm usually behind a VPN, and have a full offline backup. The two PCs are a decent 6 core box and a RazPi 4B - throttled by poor design, using 4 A-72 cheapskate Arm cores and clocked at half the PC speed. Any hacker who has tried to get in is 100% expecting a Windows box, so it's my son who will get nobbled. The LUG here is empty, just boring sysadmin nerds not used to mixing in company or sunlight.
I'm getting 1.5-2.0MB/S file transfers in ssh. Downloads can run ≤6MB as a rule, so that's a slow download. I'd like to better that, but I'm trying to position myself as a user, not a techie. So I'm not trying too hard.
@Julius-Caesar: SFTP still has the encryption/decryption stuff going on, which nobbles the RazPi. Thank you for the -r suggestion, but there can be 2 way traffic.
@rkelsen: That python http server trick was neat, and upped the speed to 4.5-5.0 MB/S. It also allowed me to stream stuff, which is good. With that and ssh, I needn't bother with elaborate efforts. All I have to do is leave the box on.
For an absurdly long time I did similar things to share files on my local network, ssh, sftp, ftp, etc. I finally broke down last year and built a proper NAS and I wish I would have done it years ago. I built mine but you can use any older computer you got lying around. There are lots of good NAS operating system options out there. TrueNAS, unraid, or openmediavault are popular. For simple setups I prefer openmediavault.
Well, about 5MB is all I'm going to get from a 2.4GHz wifi network in this crowded area anyhow. My TV sat down last night. The screen went, so I had to jump for web playback. We have a superior range of superior TV available to us than the Excited States generally. I often had my brother (from NY, then Los Angeles) wistfully wishing for the TV he could get at home.