On Sat, Jun 02, 2012 at 03:16:19PM +0100, Chris Davies wrote:
> Aubrey Raech <aubreyra...@gmail.com> wrote:
> > Sometimes I have the need to send files that are too large for email to
> > a friend directly [...]
>
> > 1. Not a proper server (http, ftp)
> > 2. No usernames? (scp, rsync)
> > 3. Preferably does not require a chat protocol (XMPP, IRC's DCC)
>
> > From what I can find it seems like XMPP would probably be the best bet
> > for this...
>
> But in #3 above you've just excluded XMPP. Do you want it or not?
>
> > is there no program you can run with something like a --listen to
> > listen for a connection on one end, and then run the program with the
> > destination IP from the other? Something along those lines?
>
> Yes. A "proper" server (http, ftp, ssh) would satisfy this requirement
> but you've excluded those with #1, #2. If your PCs can have Internet
> facing ports configured, I'd go for ssh/rsync every time.
>

I agree with using ssh, but I'd configure it to force sftp upon login like this:

> 1. One (or both) of you configure your router/firewall to accept inbound
>    TCP connections from (say) port 10022 and route them to your
>    Linux-based PC on port 22. If you can't redirect port 10022 to port
>    22 then just forward port 10022 and create a firewall rule on your
>    Linux-based PC to rewrite inbound requests on 10022 to local port
>    22. (Come back here if you need help with that.)
>

That's a good idea, in my opinion, to not expose port 22 directly. It reduces the effectiveness of script kiddies.

> 2. Consider the use of DDNS services such as those provided by dyndns.org
>    to make your IP address available by name to your friend.
>

Agreed.

> 3. Install the openssh-server package
>

Agreed.

> 4. Configure /etc/ssh/sshd_config, adding an AllowGroups line such
>    as this:
>
>        AllowGroups sshuser
>

It's simpler to just

    AllowUsers user1 user2 user3

> 5. Put your and your friend's user accounts into the sshuser group:
>
>        groupadd sshuser
>        usermod -a -G sshuser YOURUSERNAME
>        usermod -a -G sshuser YOURFRIENDSUSERNAME
>

This won't be needed if you follow my advice on step 4.

> 6. Make sure that your password, and your friend's password on your
>    machine, is sufficiently complex that others are unlikely to guess it.
>

Always a good idea, but the risk is lessened by forcing sftp (and not posting any sensitive data on the sftp site).

> 7. Use rsync (over ssh) or sftp to copy the files. Remember to tell them
>    to use port 10022 (or whatever you decided in #1) instead of the
>    default port 22.
>

Instead of using rsync, use FileZilla or another FTP client.
But first you must add this to your sshd_config file:

    # this line probably already exists -- check for it
    Subsystem sftp /usr/lib/openssh/sftp-server

    # you can omit this if you want it to apply to all users
    Match user user1,user3
        # this folder must be owned by root and writeable only by root
        ChrootDirectory /srv/sftp_folder
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

-Rob