| 1 |
Kai Krakow <hurikhan77@×××××.com> writes: |
| 2 |
|
| 3 |
> Am Sat, 29 Apr 2017 20:30:03 +0100 |
| 4 |
> schrieb lee <lee@××××××××.de>: |
| 5 |
> |
| 6 |
>> Danny YUE <sheepduke@×××××.com> writes: |
| 7 |
>> |
| 8 |
>> > On 2017-04-25 14:29, lee <lee@××××××××.de> wrote: |
| 9 |
>> >> Hi, |
| 10 |
>> >> |
| 11 |
>> >> since the usage of FTP seems to be declining, what is a replacement |
| 12 |
>> >> which is at least as good as FTP? |
| 13 |
>> >> |
| 14 |
>> >> I'm aware that there's webdav, but that's very awkward to use and |
| 15 |
>> >> missing features. |
| 16 |
>> > |
| 17 |
>> > What about sshfs? It allows you to mount a location that can be |
| 18 |
>> > accessed via ssh to your local file system, as if you are using |
| 19 |
>> > ssh. |
| 20 |
>> |
| 21 |
>> Doesn't that require ssh access? And how do you explain that to ppl |
| 22 |
>> finding it too difficult to use Filezilla? Is it available for |
| 23 |
>> Windoze? |
| 24 |
> |
| 25 |
> Both, sshfs and scp, require a full shell (that may be restricted but |
| 26 |
> that involves configuration overhead on the server side). |
| 27 |
|
| 28 |
I wouldn't want them to have that. |
| 29 |
|
| 30 |
> You can use sftp (FTP wrapped into SSH), which is built into SSH. It |
| 31 |
> has native support in many Windows clients (most implementations use |
| 32 |
> PuTTY in the background). It also has the advantage that you can |
| 33 |
> easily restrict users on your system to SFTP-only with an easy |
| 34 |
> server-side configuration. |
| 35 |
|
| 36 |
From what I've been reading, sftp is deprecated and has been replaced by |
| 37 |
ftp with TLS. |
| 38 |
|
| 39 |
>> > Also samba can be a replacement. I have a samba server on my OpenWRT |
| 40 |
>> > router and use mount.cifs to mount it... |
| 41 |
>> |
| 42 |
>> Does that work well, reliably and securely over internet connections? |
| 43 |
> |
| 44 |
> It supports encryption as transport security, and it supports kerberos |
| 45 |
> for secure authentication, the latter is not easy to setup in Linux, |
| 46 |
> but it should work with Windows clients out-of-the-box. |
| 47 |
> |
| 48 |
> But samba is a pretty complex daemon and thus offers a big attack |
| 49 |
> surface for hackers and bots. I'm not sure you want to expose this to |
| 50 |
> the internet without some sort of firewall in place to restrict access |
| 51 |
> to specific clients - and that probably wouldn't work for your scenario. |
| 52 |
|
| 53 |
At least it's a possibility. I don't even know if they have static IPs, |
| 54 |
though. |
| 55 |
|
| 56 |
> But you could offer access via OpenVPN and tunnel samba through that. |
| 57 |
|
| 58 |
I haven't been able yet to figure out what implications creating a VPN |
| 59 |
has. I understand it's supposed to connect networks through a secured |
| 60 |
tunnel, but what kind of access to the LAN does someone get who connects |
| 61 |
via VPN? Besides, VPN is extremely complicated and difficult to set |
| 62 |
up. I consider it an awful nightmare. |
| 63 |
|
| 64 |
Wireguard seems a lot easier. |
| 65 |
|
| 66 |
> By that time, you can as easily offer FTP, too, through the tunnel |
| 67 |
> only, as there should be no more security concerns now: It's encrypted |
| 68 |
> now. |
| 69 |
|
| 70 |
The ftp server already doesn't allow unencrypted connections. |
| 71 |
|
| 72 |
Now try to explain to ppl for whom Filezilla is too complicated how to |
| 73 |
set up a VPN connection and how to secure their LAN once they create the |
| 74 |
connection (if we could ever get that to work). I haven't been able to |
| 75 |
figure that out myself, and that is one of the main reasons why I do not |
| 76 |
have a VPN connection but use ssh instead. The only disadvantage is |
| 77 |
that I can't do RDP sessions with that --- I probably could and just |
| 78 |
don't know how to --- but things might be a lot easier if wireguard |
| 79 |
works. |
| 80 |
|
| 81 |
> OpenVPN also offers transparent compression which can be a big |
| 82 |
> plus for your scenario. |
| 83 |
|
| 84 |
Not really, a lot of data is images, usually JPEG, some ZIP files, some |
| 85 |
PDF. All that doesn't compress too well. |
| 86 |
|
| 87 |
> OpenVPN is not too difficult to setup, and the client is available for |
| 88 |
> all major OSes. And it's not too complicated to use: Open VPN |
| 89 |
> connection, then use your file transfer client as you're used to. Just |
| 90 |
> one simple extra step. |
| 91 |
|
| 92 |
I'm finding it a horrible nightmare, see above. It is the most |
| 93 |
difficult thing you could come up with. I haven't found any good |
| 94 |
documentation that explains it, the different types of it, how it works, |
| 95 |
what to use (apparently there are many different ways or something, some |
| 96 |
of which require a static IP on both ends, and they even give you |
| 97 |
different disadvantages in performance ...), how to protect the |
| 98 |
participants and all the complicated stuff involved. So far, I've |
| 99 |
managed to stay away from it, and I wouldn't know where to start. Of |
| 100 |
course, there is some documentation, but it is all confusing and no |
| 101 |
good. |
| 102 |
|
| 103 |
The routers even support it. In theory, it shouldn't be difficult to |
| 104 |
set up, but that's only theory. They do not have any documentation as |
| 105 |
to how to protect the connected networks from each other. I could |
| 106 |
probably get it to work, but I wouldn't know what I'm doing, and I don't |
| 107 |
like that. |
| 108 |
|
| 109 |
|
| 110 |
I admit that I don't really want to know how VPN works because it's |
| 111 |
merely an annoyance and not what I need. What's needed is a simple, |
| 112 |
encrypted connection between networks, and VPN is anything but that. |
| 113 |
|
| 114 |
Wireguard sounds really simple. Since I need to set up a VPN or |
| 115 |
VPN-like connection sooner than later, I'm considering using it. |
| 116 |
|
| 117 |
|
| 118 |
-- |
| 119 |
"Didn't work" is an error. |
Archives