LinuxQuestions.org

Slackware forum thread: sshd in Slackware - defaults? (https://www.linuxquestions.org/questions/slackware-14/sshd-in-slackware-defaults-4175736480/)

business_kid 04-27-2024 12:09 PM

sshd in Slackware - defaults?
 
I've got sshd for inefficient local file transfer, largely because I'm too lazy to set up vnc or some remote desktop protocol, and it's dead handy for the lazy or decrepit to be able to issue commands on a remote box.

What are the defaults? All the lines in sshd_config are commented out, but I want to exclude anything not on my home network, and my home router aaa.bbb.ccc.1. How much of that is done by default?

jayjwa 04-27-2024 12:21 PM

As I understand it, the commented out stuff is the default. If you want to change it, uncomment it and change it. sshd doesn't do host access control anymore, beyond ListenAddress. There was a time it linked in libwrap but no more. If you want to do better access control, run it under x/inetd and use the access control of those and/or libwrap. Other than that, that's always netfilter.

michaelk 04-27-2024 12:44 PM

If you're not enabling ssh forwarding in your router, then everything outside of your LAN will be excluded. You can also use the AllowUsers directive to limit your user to your LAN or a specific address.

I don't think using ssh or sftp is being lazy. I rarely use remote desktop.

viel 04-27-2024 12:57 PM

Maybe try to set up some rsa_id and use rsync over ssh.

:)

Petri Kaukasoina 04-27-2024 01:21 PM

Slackware links sshd against the tcp wrappers. Add this line in /etc/hosts.deny
Code:

sshd: ALL
If your local net is, for example, 192.168.1.0/24, add this to /etc/hosts.allow
Code:

sshd: 192.168.1. 127.0.0.1

business_kid 04-27-2024 02:04 PM

Quote:

Originally Posted by Petri Kaukasoina (Post 6498575)
Slackware links sshd against the tcp wrappers. Add this line in /etc/hosts.deny
Code:

sshd: ALL
If your local net is, for example, 192.168.1.0/24, add this to /etc/hosts.allow
Code:

sshd: 192.168.1. 127.0.0.1

First, thanks to all the fast & knowledgeable replies. If I condoned smoking in any way, @Petri Kaukasoina would get the cancer stick (Cigar). I'll go with solutions outside of X, because /etc/rc.d/rc.sshd is outside of X.

babydr 04-27-2024 08:40 PM

@business_kid & rest, in slackware-15.0 the 192.168.1. can also be represented as 192.168.0.0/23 using a CIDR mask, or as 192.168.0.0/255.255.254.0, which will allow the 192.168.0.x & 192.168.1.x ranges of IP addresses.

HTH, JimL

Quote:

Originally Posted by business_kid (Post 6498582)
Quote:

Originally Posted by Petri Kaukasoina (Post 6498575)
Slackware links sshd against the tcp wrappers. Add this line in /etc/hosts.deny
Code:

sshd: ALL
If your local net is, for example, 192.168.1.0/24, add this to /etc/hosts.allow
Code:

sshd: 192.168.1. 127.0.0.1

First, thanks to all the fast & knowledgeable replies. If I condoned smoking in any way, @Petri Kaukasoina would get the cancer stick (Cigar). I'll go with solutions outside of X, because /etc/rc.d/rc.sshd is outside of X.

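The hosts.allow/hosts.deny pair Petri Kaukasoina suggests, and the /23 and net/mask spellings babydr adds, are easy to get subtly wrong (a missing trailing dot, a prefix that matches more than intended). The following is an added example, not code from Slackware or OpenSSH: it emulates the hosts_access(5) decision order that libwrap applies inside sshd (hosts.allow first, then hosts.deny, then grant if nothing matched) so you can check which client addresses a given pair of files admits before relying on it. The two sample files are constructed copies of the thread's suggestion; the /prefix form is included only because babydr reports that Slackware 15.0's build accepts it. hosts_access, _parse, _any, _hits and _client_match are this example's own names, and it handles IPv4 patterns only.

```python
"""Emulate libwrap's hosts_access(5) decision for sshd (IPv4 patterns only).

Added example for this thread, not code from Slackware or OpenSSH.
"""
import ipaddress

# Constructed copies of the two files suggested in the thread.
HOSTS_ALLOW = """\
# LAN prefix (trailing dot = address prefix) plus loopback
sshd: 192.168.1. 127.0.0.1
"""
HOSTS_DENY = """\
sshd: ALL
"""


def _parse(text):
    """Return [(daemon_tokens, client_tokens)] per rule line.
    Comments and blank lines are skipped; any option field after the
    second ':' is ignored."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules


def _client_match(pattern, addr):
    """Match one client pattern against an ipaddress object."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        # net/mask (n.n.n.n/m.m.m.m) or the /prefix form babydr says his
        # Slackware 15.0 build accepts; ipaddress understands both spellings.
        return addr in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):
        # address prefix: "192.168.1." matches 192.168.1.x but not 192.168.10.x
        return str(addr).startswith(pattern)
    return str(addr) == pattern  # exact address; hostnames are not resolved here


def _any(tokens, matches):
    """Evaluate a hosts_access list, honouring `list_1 EXCEPT list_2`."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _any(tokens[:i], matches) and not _any(tokens[i + 1:], matches)
    return any(matches(t) for t in tokens)


def _hits(rules, daemon, addr):
    """True if any rule's daemon list and client list both match."""
    for daemons, clients in rules:
        if _any(daemons, lambda t: t in ("ALL", daemon)) and \
           _any(clients, lambda t: _client_match(t, addr)):
            return True
    return False


def hosts_access(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """True if libwrap would admit `ip` to `daemon` given the two files."""
    addr = ipaddress.ip_address(ip)
    if _hits(_parse(allow), daemon, addr):
        return True
    if _hits(_parse(deny), daemon, addr):
        return False
    return True  # nothing matched in either file: tcp_wrappers grants access


if __name__ == "__main__":
    for ip in ("192.168.1.20", "127.0.0.1", "192.168.10.5",
               "192.168.0.5", "203.0.113.9"):
        print(ip, "allowed" if hosts_access("sshd", ip) else "denied")
```

Two things worth noticing in the output: without the `sshd: ALL` line in hosts.deny, an empty or non-matching pair of files grants access to everyone, and the `192.168.1.` prefix admits nothing from 192.168.0.x, which is why babydr's /23 spelling is wider. OpenSSH can express the same restriction without libwrap: `ListenAddress` (jayjwa's suggestion) binds only the LAN interface, and michaelk's `AllowUsers user@192.168.1.*` ties the login to a source pattern. To see what the commented-out lines in sshd_config actually resolve to, `sshd -T` prints the effective configuration.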

rkelsen 04-27-2024 09:26 PM

Quote:

Originally Posted by business_kid (Post 6498565)
I've got sshd for inefficient local file transfer, largely because I'm too lazy to set up vnc or some remote desktop protocol, and it's dead handy for the lazy or decepit to be able to issue commands on a remote box.

Are you using it just for file transfers? None of the options you've mentioned are ideal solutions for that. They'll do it, but there are better ways.

IMO, it'd be quickest & easiest to set up NFS shares if the 'client' boxes are running Linux. If they're not running Linux, then SAMBA is a little more fiddly to set up, but not overly so for a simple file share.

Another quick solution, if just for one-off transfers and the source files are on a Linux host, you could use the HTTP server Python module:

Code:

user@machine:/path/to/directory/containing/source/files$ python3 -m http.server
Then you can open a web browser on any other machine on the LAN, and enter the source machine's IP address, port 8000 eg: http://192.168.x.xx:8000
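`python3 -m http.server` listens on all interfaces and answers any host that can reach the port, which on shared Wi-Fi in a crowded area is more than the home network. The following is an added example, not the command from the post above: it keeps the one-command share but checks the peer address against an allowlist before serving, and includes a loopback demo that shows a 200 when loopback is allowlisted and a 403 when it is not. ALLOWED_NETS (192.168.1.0/24 plus loopback), RestrictedHandler, serve, fetch and demo are this example's own names and assumptions; the served file is constructed.

```python
"""Ad-hoc LAN file share on http.server that refuses non-allowlisted peers.

Added example for this thread, not the original poster's command.
"""
import functools
import http.server
import ipaddress
import os
import socketserver
import tempfile
import threading
import urllib.error
import urllib.request

# Home LAN plus loopback; adjust to your own network (assumption, not from the thread).
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24"),
                ipaddress.ip_network("127.0.0.0/8")]


class RestrictedHandler(http.server.SimpleHTTPRequestHandler):
    """SimpleHTTPRequestHandler that serves only allowlisted source addresses."""
    allowed_nets = ALLOWED_NETS

    def _peer_allowed(self):
        peer = ipaddress.ip_address(self.client_address[0])
        return any(peer in net for net in self.allowed_nets)

    def do_GET(self):
        if not self._peer_allowed():
            self.send_error(403, "client address not in allowlist")
            return
        super().do_GET()

    def do_HEAD(self):
        if not self._peer_allowed():
            self.send_error(403, "client address not in allowlist")
            return
        super().do_HEAD()

    def log_message(self, fmt, *args):  # keep the demo quiet
        pass


class _Server(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def serve(directory, bind="0.0.0.0", port=8000, allowed_nets=ALLOWED_NETS):
    """Build (but do not start) a server for `directory`; call .serve_forever() on it."""
    handler_cls = type("BoundHandler", (RestrictedHandler,),
                       {"allowed_nets": list(allowed_nets)})
    return _Server((bind, port), functools.partial(handler_cls, directory=directory))


def fetch(url):
    """GET `url` and return the HTTP status, including error statuses."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def demo():
    """Serve a constructed file on loopback under two allowlists and report
    what a loopback client gets: 200 when 127.0.0.0/8 is listed, 403 otherwise."""
    results = {}
    with tempfile.TemporaryDirectory() as share:
        with open(os.path.join(share, "hello.txt"), "w") as fh:
            fh.write("constructed sample file\n")
        for label, nets in (("lan+loopback", ALLOWED_NETS),
                            ("lan-only", [ipaddress.ip_network("192.168.1.0/24")])):
            srv = serve(share, bind="127.0.0.1", port=0, allowed_nets=nets)
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            try:
                results[label] = fetch(f"http://127.0.0.1:{srv.server_address[1]}/hello.txt")
            finally:
                srv.shutdown()
                srv.server_close()
    return results


if __name__ == "__main__":
    print(demo())  # {'lan+loopback': 200, 'lan-only': 403}
    # Real use: serve(os.getcwd(), bind="192.168.1.10").serve_forever()
```

The cheaper fix for the stock one-liner is `python3 -m http.server --bind 192.168.1.10`, which at least keeps it off any non-LAN interface. Either way the transfer is plaintext HTTP and the allowlist only keys on the source address, so it stops strangers from fetching files, not from watching them go by on the same Wi-Fi segment.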

Julius-Caesar 04-28-2024 07:45 AM

If you have SSH then you have SFTP

Code:

# keep the shipped config aside and start from an empty one
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.BAK

# the new /etc/ssh/sshd_config needs just this one line; every other
# setting falls back to sshd's compiled-in default
cat > /etc/ssh/sshd_config <<'EOF'
Subsystem sftp /usr/libexec/sftp-server -R
EOF

# check the file parses, then restart
/usr/sbin/sshd -t && /etc/rc.d/rc.sshd restart

-R puts the sftp-server into read-only mode. Attempts to open files for
writing, as well as other operations that change the state of the filesystem,
will be denied.

PD: I use this to access movie files stored on my PC from my FireTV stick with Kodi + sftp add-on

business_kid 04-28-2024 12:54 PM

I evidently expressed myself poorly. Security isn't really a life or death issue. I'm usually behind a VPN, and have a full offline backup. The two pcs are a decent 6 core box and a RazPi 4B - throttled by poor design, using 4 A-72 cheapskate Arm cores and clocked at half the pc speed. Any hacker who has tried to get in is 100% expecting a windows box, so it's my son who will get nobbled :D. The LUG here is empty, just boring sysadmin nerds not used to mixing in company or sunlight.

I'm getting 1.5-2.0MB/S file transfers in ssh. Downloads can run ≤6MB as a rule, so that's a slow download. I'd like to better that, but I'm trying to position myself as a user, not a techie. So I'm not trying too hard.

@Julius-Caesar: SFTP still has the encryption/decryption stuff going on, which nobbles the RazPi. Thank you for the -R suggestion, but there can be 2 way traffic.

@rkelsen: That python http server trick was neat, and upped the speed to 4.5-5.0 MB/S. It also allowed me to stream stuff, which is good. With that and ssh, I needn't bother with elaborate efforts. All I have to do is leave the box on.

arfon 04-28-2024 09:41 PM

Quote:

What are the defaults? All the lines in sshd_config are commented out
Here's my complete sshd_config
Code:

Port 22
PermitRootLogin no
AuthorizedKeysFile        .ssh/authorized_keys
UsePAM yes
Subsystem        sftp        /usr/libexec/sftp-server


Quote:

Security isn't really a life or death issue. I'm usually behind a VPN, and have a full offline backup.
If you are inside your network and want speed, plain old FTP (without encryption) is much faster than ssh/sftp.


Quote:

Thank you for the -r suggestion, but there can be 2 way traffic.
^^^ I'm not sure of the context here but, I'll make an assumption.
You can use two rsync connections for 2way...

Or you could set up a Wireguard VPN and set up NFS.

Daedra 04-28-2024 10:00 PM

For an absurdly long time I did similar things to share files on my local network, ssh, sftp, ftp, etc. I finally broke down last year and built a proper NAS and I wish I would have done it years ago. I built mine but you can use any older computer you got lying around. There are lots of good NAS operating systems options out there. TrueNAS, unraid, or openmediavault are popular. For simple setups I prefer openmediavault.

rkelsen 04-28-2024 10:16 PM

Quote:

Originally Posted by business_kid (Post 6498720)
@rkelsen: That python http server trick was neat, and upped the speed to 4.5-5.0 MB/S.

Setting up NFS is even easier. I don't know why you're bothering with anything else, particularly if you want to stream off it.

business_kid 04-29-2024 03:54 AM

Well, about 5MB is all I'm going to get from a 2.4Ghz wifi network in this crowded area anyhow. My tv sat down last night. The screen went, so I had to jump for web playback. We have a superior range of superior tv available to us than the Excited States generally. I often had my brother (from NY, then Los Angeles) wistfully wishing for the tv he could get at home.

I'll put NFS on the to-do list.

rkelsen 04-29-2024 05:06 AM

Quote:

Originally Posted by business_kid (Post 6498816)
I'll put NFS on the to-do list.

This is the process at the server end:

1. edit /etc/exports to add the directories you want to share*
2. # chmod +x /etc/rc.d/rc.rpc
3. # /etc/rc.d/rc.rpc start
4. # chmod +x /etc/rc.d/rc.nfsd
5. # /etc/rc.d/rc.nfsd start

Client end:

# mount -t nfs 192.168.x.x:/mnt /mnt/hd

*A simple /etc/exports file, which exports the /mnt directory:

Code:

/mnt *(rw,no_root_squash,no_subtree_check)
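The sample export above uses `*` as the client and `no_root_squash`, which together mean any host that can reach port 2049 may mount the share and a remote root stays uid 0 on it; with the usual AUTH_SYS NFS, the client list is the only gate, because the server trusts whatever uid the client presents. The following is an added example, not part of the post above: it parses the exports(5) `path client(options) ...` form, flags those two settings, and rewrites the file so that wildcard clients become the LAN range and root squashing is restored. SAMPLE_EXPORTS is constructed (its first line mirrors the thread's suggestion), and parse_exports, audit_exports and hardened_exports are this example's own names.

```python
"""Audit and tighten /etc/exports lines.

Added example for this thread, not part of the post it follows.
"""
import re

# Constructed sample: the first line mirrors the thread's /etc/exports suggestion.
SAMPLE_EXPORTS = """\
/mnt *(rw,no_root_squash,no_subtree_check)
/srv/media 192.168.1.0/24(ro,no_subtree_check) 192.168.1.7(rw,no_root_squash)
/home/shared 192.168.1.0/24(rw)
"""

# client[(opt,opt,...)] with no whitespace between client and the parentheses
_CLIENT_RE = re.compile(r"^([^(]*)(?:\((.*)\))?$")


def parse_exports(text):
    """Return [(path, [(client, [options])])] for each non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        path, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        clients = []
        for tok in rest.split():
            m = _CLIENT_RE.match(tok)
            if m is None:
                raise ValueError(f"malformed client spec: {tok!r}")
            client = m.group(1) or "*"  # "(rw)" with no host means every host
            opts = [o for o in (m.group(2) or "").split(",") if o]
            clients.append((client, opts))
        if not clients:  # bare path: exported to all hosts with default options
            clients.append(("*", []))
        entries.append((path, clients))
    return entries


def audit_exports(text):
    """Return (path, client, problem) triples for risky export entries."""
    findings = []
    for path, clients in parse_exports(text):
        for client, opts in clients:
            if client == "*":
                findings.append((path, client,
                                 "exported to every host that can reach the server"))
            if "no_root_squash" in opts:
                findings.append((path, client, "remote root is not squashed"))
    return findings


def hardened_exports(text, lan="192.168.1.0/24"):
    """Rewrite: wildcard clients become `lan`; no_root_squash becomes root_squash.
    Other options are kept in their original order."""
    out = []
    for path, clients in parse_exports(text):
        fixed = []
        for client, opts in clients:
            if client == "*":
                client = lan
            opts = ["root_squash" if o == "no_root_squash" else o for o in opts]
            fixed.append(client + ("(%s)" % ",".join(opts) if opts else ""))
        out.append(" ".join([path] + fixed))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for path, client, why in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} {client}: {why}")
    print(hardened_exports(SAMPLE_EXPORTS), end="")
```

After writing the tightened file, `exportfs -ra` reloads it without restarting rc.nfsd. `root_squash` is nfsd's default, so dropping `no_root_squash` rather than spelling out `root_squash` gives the same result; the example writes it explicitly so the intent survives the next edit.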

