Newbie: connecting (by scp) two remote computers

Hi,
I need to establish a connection (ssl, scp, whatever) to another computer a few countries away, on windows (Seven I think), while I’m on endeavouros (obviously).
I try to read about this but do not understand anything at all, it’s all so confusing. What to do / is there a step-by-step guide, complete with router configuration or whatever’s needed ?

Thanks

There is a whole lot to unpack there. What is the use case / what are you trying to accomplish?

Huh, I knew it would be complicated.
My friend in Croatia will host our website on a raspberry Pi. I have to connect to his computer (the server directly or his laptop, doesn’t matter) to upload and update the site myself, and simply share stuff more easily and securely than with mail or matrix or whatnot.

put the raspberry’s ssh behind a wireguard vpn and open the port for the wireguard too. idk why you need to connect through the windows machine…

true, I won’t need. But it’s practical to share big files, including confidential stuff. Is it so hard to establish an scp connection with a windows machine ??
Also, the steps you mention, I have no idea how to do them. Talking about opening a port, I know just sudo fuser -k [whatever_port]/tcp
fairly limited isn’t it…

you need an ssh server for scp… it would be easier to set up the ssh server on a raspberry. you open the port on the router where the raspberry is. I presume you already opened a port for the website, you do it the same way.
wireguard is for safety, but not necessary, you could just use an ssh key for authentication. you need to google this stuff, would be a bit long to guide you here. anyway going through a windows computer seems unnecessary.

1 Like

after you set up the ssh server on the pi, you can use sshfs instead of scp for mounting and easier handling of the files.

1 Like

would make sense going through a windows machine, if you use something like teamviewer or anydesk and connecting to the pi that way

Had another idea, you could try tailscale on the pi and your machine, it doesn’t need much setup and opening ports. also includes an ssh server if you don’t want or can’t install an ssh server.
for secure file sharing just google file encryption, you can use password for encryption or public key(pgp)

Looks like SSHFS is no longer being actively maintained.

If WireGuard is already being used try Network File System.

I already installed wireguard for my vpn so ok.

I tried setting up gufw, it fails:

(gufw.py:506271): Gtk-CRITICAL **: 01:19:00.627: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed
/usr/bin/gufw-pkexec : ligne 2 : 506271 Erreur de segmentation (core dumped) python3 /usr/lib/python3.10/site-packages/gufw/gufw.py "$@"

I read how to open ports like this:
sudo iptables -A INPUT -p tcp --dport 4000 -j ACCEPT

which seems to work with telnet:
telnet 192.168.43.158 4000

But not ssh localhost -D 22

bind [127.0.0.1]:22: Permission denied
channel_setup_fwd_listener_tcpip: cannot listen to port: 22
Could not request local forwarding.
Last login: Wed Nov 2 01:13:40 2022 from ::1
Bienvenue dans fish, le shell amical et interactif
Type help for instructions on how to use fish

Or is it merely because I connect to myself ?

And then, I still don’t know where to find the complete IP that a remote computer would have to try and contact.

Out of :

drm@dr-80qr ~ [255]> ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 1c:39:47:37:32:0b brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether b0:c0:90:2e:eb:60 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.105/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0
       valid_lft 86285sec preferred_lft 86285sec
    inet6 2a02:8428:829d:101:82ff:8750:77b0:5769/64 scope global dynamic noprefixroute 
       valid_lft 279sec preferred_lft 279sec
    inet6 fe80::8329:1477:3ab7:159c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Which can my friend (who has a laptop on linux) try to ping ? With what port, if need be ?

Those are internal ip addresses, not public ones. For remote connections you need to know the public ip address to connect to…

1 Like
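Added example, not part of any post in the thread: the addresses from the `ip address` output above, sorted by how far away a peer can be and still reach them. The function names are illustrative, and the sample text is trimmed from the output posted above.

```python
import ipaddress
import re

# Trimmed from the `ip address` output posted above (link/ and lifetime lines dropped).
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.1.105/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0
    inet6 2a02:8428:829d:101:82ff:8750:77b0:5769/64 scope global dynamic noprefixroute
    inet6 fe80::8329:1477:3ab7:159c/64 scope link noprefixroute
"""

def classify(addr):
    """Return the reach of one address (hypothetical helper)."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback (this machine only)"
    if ip.is_link_local:          # test before is_private: fe80::/10 matches both
        return "link-local (same network segment only)"
    if ip.is_private:
        return "private (LAN only, hidden behind the router's NAT)"
    if ip.is_global:
        return "global (routable; the router's firewall still decides)"
    return "other"

def addresses(ip_output):
    """Yield (interface, address, classification) from `ip address` text."""
    iface = None
    for line in ip_output.splitlines():
        header = re.match(r"\d+:\s+([^:@\s]+)", line)   # e.g. "3: wlan0: <...>"
        if header:
            iface = header.group(1)
            continue
        m = re.match(r"\s+inet6?\s+([0-9a-fA-F:.]+)/\d+", line)
        if m:
            yield iface, m.group(1), classify(m.group(1))

if __name__ == "__main__":
    for iface, addr, kind in addresses(SAMPLE):
        print(f"{iface:6} {addr:40} {kind}")
```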

I figured out as much with testing. But what is the command to find the public one ?

Command

show-location-info ip

shows your public IP address.

2 Likes

you could just use tailscale, you don’t need to know public ip or open any ports. install it on the pi and your machine.

agreed, it works on windows which is a plus, but:

first step: Sign up for a Tailscale account. Get started with a free personal plan or trial for an organizational plan.

I am not depending on a third-party service. If I wanted the easy way at the cost of losing autonomy, I wouldn’t go for self-hosting. to be precise i don’t mind the mesh network, but it’s not free so no.

my friend can ping 37.65.9.229
but while I opened port 22, I can ssh localhost but not 37.65.9.229.
And ssh to port 4000 (which I opened) fails too:

sudo iptables -A INPUT -p tcp --dport 4000 -j ACCEPT
ssh localhost -p 4000
ssh: connect to host localhost port 4000: Connection refused

wtf ?
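Added example, not part of any post in the thread: an iptables ACCEPT rule only lets packets through, and a connection succeeds only when a process is actually listening on that port, which is why a TCP attempt can end in three different ways. The `probe` and `demo` names are illustrative, and the localhost listener is constructed for the demonstration.

```python
import errno
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt (hypothetical helper)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open: a service accepted the connection"
    except ConnectionRefusedError:
        # The host answered with a reset: the packet got through, but no
        # process listens there (a firewall REJECT rule looks the same).
        return "refused: host reached, but nothing listens on this port"
    except socket.timeout:
        # Silence usually means a firewall DROP or a router that does not
        # forward this port to any machine on the LAN.
        return "filtered: no reply before the timeout"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable: no route to the host"
        raise
    finally:
        s.close()

def demo():
    """Constructed local test: probe one port with and without a listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = probe("127.0.0.1", port)
    srv.close()                     # stands in for "no daemon on this port"
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    for result in demo():
        print(result)
```

On the machine that should accept the connection, `ss -tln` lists the ports that have a listener.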

idk what you mean, it’s free up to 20 devices

I know and I don’t want to depend on something not entirely free and decentralized. I want to control all the tools I rely on.

1 Like

did you open the port on the router?