Newbie: connecting (by scp) two remote computers

I need to establish a connection (ssl, scp, whatever) to another computer a few countries away, on windows (Seven I think), while I’m on endeavouros (obviously).
I try to read about this but do not understand anything at all, it’s all so confusing. What to do / is there a step-by-step guide, complete with router configuration or whatever’s needed ?


There is a whole lot to unpack there. What is the use case / what are you trying to accomplish?

Huh, I knew it would be complicated.
My friend in Croatia will host our website on a raspberry Pi. I have to connect to his computer (the server directly or his laptop, doesn’t matter) to upload and update the site myself, and simply share stuff more easily and securely than with mail or matrix or whatnot.

put the raspberry’s ssh behind a wireguard vpn and open the port for the wireguard too. idk why you need to connect through the windows machine…

true, I won’t need. But it’s practical to share big files, including confidential stuff. Is it so hard to establish an scp connection with a windows machine ??
Also, the steps you mention, I have no idea how to do them. Talking about opening a port, I know just sudo fuser -k [whatever_port]/tcp
fairly limited isn’t it…

you need an ssh server for scp… it would be easier to set up the ssh server on a raspberry. you open the port on the router where the raspberry is. I presume you already opened a port for the website, you do it the same way.
wireguard is for safety, but not necessary, you could just use an ssh key for authentication. you need to google these stuff, would be a bit long to guide you here. anyway going through a windows computer seems unnecessary.

1 Like

after you set up the ssh server on the pi, you can use sshfs instead of scp for mounting and easier handling of the files.

1 Like

would make sense going through a windows machine, if you use something like teamviewer or anydesk and connecting to the pi that way

Had another idea, you could try tailscale on the pi and your machine, it doesn’t need much setup and opening ports. also icludes and ssh server if you don’t want or can’t install an ssh server.
for secure file sharing just google file encryption, you can use password for encryption or public key(pgp)

Looks like SSHFS is no longer being active maintained.

If WireGuard is already being used try Network File System.

I already installed wireguard for my vpn so ok.

I tried setting up gufw, it fails:

( Gtk-CRITICAL **: 01:19:00.627: _gtk_style_provider_private_get_settings: assertion 'GTK_IS_STYLE_PROVIDER_PRIVATE (provider)' failed /usr/bin/gufw-pkexec : ligne 2 : 506271 Erreur de segmentation (core dumped)python3 /usr/lib/python3.10/site-packages/gufw/ "$@"

I read how to open ports like this:
sudo iptables -A INPUT -p tcp --dport 4000 -j ACCEPT

which seems to work with telnet:
telnet 4000

But not ssh localhost -D 22

bind []:22: Permission denied
channel_setup_fwd_listener_tcpip: cannot listen to port: 22
Could not request local forwarding.
Last login: Wed Nov 2 01:13:40 2022 from ::1
Bienvenue dans fish, le shell amical et interactif
Type help for instructions on how to use fish

Or is it merely because I connect to myself ?

And then, I still don’t know where to find the complete IP that a remote computer would have to try and contact.

Out of :

drm@dr-80qr ~ [255]> ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 1c:39:47:37:32:0b brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether b0:c0:90:2e:eb:60 brd ff:ff:ff:ff:ff:ff
    inet brd scope global dynamic noprefixroute wlan0
       valid_lft 86285sec preferred_lft 86285sec
    inet6 2a02:8428:829d:101:82ff:8750:77b0:5769/64 scope global dynamic noprefixroute 
       valid_lft 279sec preferred_lft 279sec
    inet6 fe80::8329:1477:3ab7:159c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Which can my friend (which has a laptop on linux) try to ping ? With what port, if need be ?

Those are internal ip addresses, not public ones. For remote connections you need to know the public ip address to connect to…

1 Like

I figured out as much with testing. But what is the command to find the public one ?


show-location-info ip

shows your public IP address.


you could just use tailscale, you don’t need to know public ip or open any ports. install it on the pi and your machine.

agreed, it works on windows which is a plus, but:

first step: Sign up for a Tailscale account. Get started with a free personal plan or trial for an organizational plan.

I am not depending on a tier service. If I wanted the easy way at the cost of loosing autonomy, I wouldn’t go for self-hosting. to be precise i don’t mind the mesh network, but it’s not free so no.

my friend can ping
but while I opened port 22, I can ssh localhost but not
And ssh to port 4000 (which I opened) fails too:

sudo iptables -A INPUT -p tcp --dport 4000 -j ACCEPT
ssh localhost -p 4000
ssh: connect to host localhost port 4000: Connection refused

wtf ?

idk what you mean, it’s free up to 20 devices

I know and I don’t want to depend on something not entirely free and decentralized. I want to control all the tools I rely on.

1 Like

did you open the port on the router?