Find the answer to your Linux question:
Results 1 to 5 of 5
Hello everybody, I'm really lost, I thought it would be really easy to be able to safely share files that are stored on my server over the internet, so that ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2013
    Posts
    2

    How to securely share files over the internet?


    Hello everybody,

    I'm really lost, I thought it would be really easy to be able to safely share files that are stored on my server over the internet, so that I can access them from anywhere. But it turns out it's almost impossible! I've tried OpenVPN multiple times, Openswan and even ownCloud, but I couldn't get them to work (except for ownCloud, but I disliked it). Am I missing something? Do any of you know an easy way to share files securely over the internet?

    This is what I want:
    - To be able to access my files through Windows Explorer (i.e. be able to map the shared folder as a network drive in Windows)
    - To be able to open the files directly, without having to download them first (as is the case with a FTP-server), so I can stream my music files
    - An encrypted connection, so noboby can intercept the data I am sending to and receiving from the server

    This is what I have:
    - A fast internet connection (100mbit)
    - A Ubuntu 12.04LTS Server
    - Two laptops running Windows 7 - these are the machines that should be able to access the files on the server

    This is what I've tried:
    - Setting up a VPN (using OpenVPN and Openswan, using all kinds of different VPN Clients)
    - 'Tunneling Samba through SSL' - although I don't really understand what this means..
    - Setting up ownCloud, but that didn't allow me open the whole shared drive in Windows Explorer and I also doubt the security of it
    None of these things worked, obviously.

    I'm already running a Samba server which allows me to access the server's files through my LAN, but I don't think it's really secure to open the Samba server up to connections from outside the LAN, or is it?

    So my question actually is: How do I make my files safely accessible through the internet? There must be an easy way to do this, as this is one of the first things you want to do once you have your own server, right?

    Thanks a lot in advance, I'm looking forward to your responses! (please keep in mind that I don't have much experience with Linux networking)
    Gorbatsjov

  2. #2
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,892
    To be honest, this hardly ever comes up - most people don't want to share their files securely over the internet. Most of the time they want to prevent people from accessing them.

    I have complete secure access to my files on my server, but I run Linux both ends. I use the fuse ssh filesystem module, I have this kind of arrangement:

    Server <- A -> Firewall <- B -> internet <- C -> laptop/tablet (or whatever) device

    where
    A: my local network in my house
    B: my isp connection with non-standard SSH port forwarded to my server
    C: whatever network connection I'm on.

    I have a key-based login set up using ssh, allowing my laptop to connect to the server using my private/public key pair that allows me access. The fuse module sits on top of this and uses the connection, it just lets me browse my files using sftp (secure ftp).

    As it happens, I'd never trust this arrangement to work if I was trying to use the Windwos SMB protocol or Samba (which implements it for Linux), I'd stick to using ssh and a Linux client. I think you have two clear options:

    1. set up your laptop(s) to be running a flavour of Linux so you can use this
    2. persevere with the 'tunneling samba through ssl' option.

    It does, of course, depend on what you're trying to do with your files - if you just need to edit them and it can be done on the server, you might find it easier to forward a VNC session over the network connection and have a server desktop session displayed in a window on the laptop. That'd give you control enough to manipulate the files remotely.
    Linux user #126863 - see http://linuxcounter.net/

  3. #3
    Just Joined!
    Join Date
    Apr 2013
    Posts
    2
    I'm very surprised that not more people want this. But I continued trying to tunnel Samba through SSH, and I finally got it working, thanks to this guide! nikhef.nl/~janjust/CifsOverSSH/VistaLoopback.html

    It works very well now, but Roxoff, can you explain why you'd never trust this arrangement? What are the risks? I'm not scared by very technical answers.

  4. #4
    Just Joined!
    Join Date
    May 2006
    Posts
    36
    Looks like to me that you are looking for something like dropbox, but then a safe version of it.
    You probably end up with owncloud

  5. #5
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,892
    Quote Originally Posted by Gorbatsjov View Post
    I'm very surprised that not more people want this. But I continued trying to tunnel Samba through SSH, and I finally got it working, thanks to this guide! nikhef.nl/~janjust/CifsOverSSH/VistaLoopback.html

    It works very well now, but Roxoff, can you explain why you'd never trust this arrangement? What are the risks? I'm not scared by very technical answers.
    The SMB protocol is a proprietary mechanism from Microsoft that allows not just files but other control information to be shared across a network running different versions of Windwos. It supports the domain-level authentication needed by corporate services on Windwos, so spooling it out over the internet when all I want to do is read my files is just a bit too much. To summarise why I don't want to do this:

    1. As it's proprietary, then I cannot be sure that there aren't things in there that can be compromised easily. This is partly alleviated by running it over ssh...
    2. Its bloatware, the protocol is large and somewhat unwieldy. It certainly isn't designed for use over narrow-bandwidth connections, and hence is slow and wasteful
    3. I don't have any Windwos clients that I take anywhere. All my portable stuff runs a version of Linux (and, now, Android too) so it's just never needed.
    4. ssh is really easy, really secure, and really fast. I have no reason to make ssh work then go through the pain of making run samba over it.

    These, of course, are my reasons. You have to make decisions about what you want to use to support what you do, don't use my reasons to make your decision.
    Linux user #126863 - see http://linuxcounter.net/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •