Connect with SFTP Out of LAN

Support for Tonido on the Desktop including Windows/Mac/Linux
jamxi
Regular Tonidoid
Posts: 11
Joined: Mon Mar 07, 2011 6:05 pm

Connect with SFTP Out of LAN

Postby jamxi » Fri Mar 18, 2011 10:13 pm

Is it possible to connect to my plug with SFTP if I'm not on my network? I haven't had much luck getting it to work, so I'm assuming the answer is no. If you know of a way, can you explain what I need to do?

Thanks.

agrajag
Veteran Tonidoid
Posts: 77
Joined: Tue Dec 14, 2010 9:25 am

Re: Connect with SFTP Out of LAN

Postby agrajag » Sat Mar 19, 2011 3:36 am

You have to configure your router to forward port 22 to your tonido's IP.
Also you should configure ssh on the plug to not allow direct root access for security reasons.


Re: Connect with SFTP Out of LAN

Postby jamxi » Sat Mar 19, 2011 7:15 pm

agrajag wrote:You have to configure your router to forward port 22 to your tonido's IP.
Also you should configure ssh on the plug to not allow direct root access for security reasons.


I don't know anything about ssh. Can you provide some instructions on how I go about configuring no direct root access?

Thanks.


Re: Connect with SFTP Out of LAN

Postby agrajag » Sun Mar 20, 2011 2:59 am

Note: You shouldn't do this if your Plug boots from the internal flash!
Please follow one of the descriptions to boot from USB first!
If something goes wrong you can brick your plug permanently and lose your guarantee!
So be careful!!!!


First login to the plug via SSH as root:

Code:

ssh root@yourip


Replace "yourip" with the internal IP of your Plug.
The password is the same as you use for the "PlugAdmin"-Page of Tonido (or "nosoup4u").

Then you have to create a new user:

Code:

useradd -m -k /etc/skel loginuser
passwd loginuser


You can replace "loginuser" with any other name.

Now you should check whether you can ssh in as this new user.
Close the current session:

Code:

exit


Now log in with the new account:

Code:

ssh loginuser@yourip


If this works, you should try to su with this user (this switches the loginuser to a root user):

Code:

su -


If this works too, you can edit the sshd config file to disallow root login:

Code:

nano /etc/sshd.conf


Search for the line:
permitrootlogin=yes


And change it to:
permitrootlogin=no


Now restart sshd:

Code:

/etc/init.d/sshd restart


You should lose the connection, because the SSH daemon is reconfiguring.
Wait a few seconds.

Try to ssh into the plug as root again. It should not work.

Code:

ssh root@yourip


Now you can try to log in as loginuser again. This should work:

Code:

ssh loginuser@yourip


Now if you have to run commands as root you are forced to use 'sudo' or 'su -' as above.
'sudo' runs a single command with root permissions, 'su -' switches to the root account.

All you have to do now is forward port 22 to your plug (you should give it a static local IP first).
Please consult your router's manual for details on that, because I know nothing about the router you use.
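A way to confirm the sshd change from the post above before port 22 is forwarded, as an added example that is not part of the original thread: it reports the global PermitRootLogin value that sshd will use from a config file. The function name and the sample file are constructed for illustration; sshd uses the first value it finds for a keyword, matches keywords case-insensitively, and accepts whitespace or a single "=" as the separator.

```shell
#!/bin/sh
# Added example (not from the thread): print the global PermitRootLogin value
# in an sshd config file, or "unset" when no global value is present.

# effective_root_login FILE  (hypothetical helper name)
effective_root_login() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }       # drop leading whitespace
        line == "" || line ~ /^#/ { next }            # skip blanks and comments
        {
            # keyword and value are separated by whitespace or a single "="
            n = split(line, parts, /[ \t]*=[ \t]*|[ \t]+/)
            key = tolower(parts[1])
            if (key == "match") exit                  # conditional blocks follow
            if (key == "permitrootlogin" && n >= 2) {
                print tolower(parts[2])               # first value wins
                found = 1
                exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample config: the first permitrootlogin line is the effective
# one, so the later "yes" does not re-enable direct root login globally.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd configuration for illustration
Port 22
permitrootlogin=no
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
EOF

echo "effective PermitRootLogin: $(effective_root_login "$sample")"
```

Run it against the file edited in the procedure; any result other than "no" means direct root login has not been turned off globally. Settings inside Match blocks are deliberately not evaluated here and need a separate look.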


Re: Connect with SFTP Out of LAN

Postby jamxi » Sun Mar 20, 2011 2:18 pm

Note: You shouldn't do this if your Plug boots from the internal flash!
Please follow one of the descriptions to boot from USB first!
If something goes wrong you can brick your plug permanently and lose your guarantee!
So be careful!!!!


OK - just to clarify things. I assume out of the box the plug boots to internal flash so I should just be able to follow the instructions I found here viewtopic.php?f=37&t=312 before following your instructions. Is that correct?

I believe I've set up port forwarding correctly using the IP address I found in my network tab. I've tried to connect with FileZilla using the IP address I found from the tonido.com/ip page with root and password. I'm getting Network error: Connection refused / Error: Could not connect to server. Any thoughts on what this could be? I'm trying to do this while I'm still on my LAN so I don't know if that could be the issue or if I'm using the wrong IP address to connect to. Also would having Tonido's relay service on cause issues, should that be off?

Thanks for all your help.


Re: Connect with SFTP Out of LAN

Postby agrajag » Tue Mar 22, 2011 12:05 pm

jamxi wrote:
OK - just to clarify things. I assume out of the box the plug boots to internal flash so I should just be able to follow the instructions I found here viewtopic.php?f=37&t=312 before following your instructions. Is that correct?


Yes, that's right.

jamxi wrote: I believe I've set up port forwarding correctly using the IP address I found in my network tab. I've tried to connect with FileZilla using the IP address I found from the tonido.com/ip page with root and password. I'm getting Network error: Connection refused / Error: Could not connect to server. Any thoughts on what this could be? I'm trying to do this while I'm still on my LAN so I don't know if that could be the issue or if I'm using the wrong IP address to connect to. Also would having Tonido's relay service on cause issues, should that be off?

Thanks for all your help.


The destination IP in the port forwarding must be the same as the one you get from tonido.com/ip.
For the source of this rule you should configure all external connections (this could be a possible fault, if you've configured your LAN as the source).
The rule reads like this:

Forward port 22 from ANY external IP to port 22 of PlugIP


Also it's recommended to set up a static IP (or fixed DHCP) for the Plug instead of using DHCP.

Did SSH work before you configured port forwarding?
If yes, can you post in more detail what you did to configure port forwarding?
Have you tested it from an external network, too?
The relay service should not affect local connections.


Re: Connect with SFTP Out of LAN

Postby jamxi » Tue Mar 22, 2011 9:30 pm

[Edit - I messed with it some more and it looks like I had the wrong settings when setting up the static IP in Linksys. It looks like I'm in business. This still seems to disable the username.tonidoid.com address. Is it supposed to do that?]

So I've spent countless hours banging my head against a wall trying to get port forwarding to work. In researching and testing I've discovered my DSL modem (ActionTec) acts like a router and along with that I'm using a Linksys wireless router, so things are a bit complicated for me.

So what I've done thus far is configured Linksys with a static IP address. Then turned on DMZ on my ActionTec modem and set it to the static IP address I created on Linksys. Then in Linksys I added port forwarding using the "Private IP" I found on http://www.tonidoplug.com/ip/ and configuring it to port 22, and Protocol is set to both.

So I think I'm close to getting this working. Some things I've noticed after making the above-mentioned settings is that the username.tonidoid.com address doesn't work any longer, but I can still access it with my Private IP address. Also I thought I'd give it a try and opened a port on Linksys for 10001 and tested that in http://www.dyndns.com/support/tools/openport.html which passed as being open, however port 22 still times out.

So if agrajag or anyone else has any thoughts please let me know.


Re: Connect with SFTP Out of LAN

Postby agrajag » Wed Mar 23, 2011 2:05 pm

I've a similar setup here. One cheap DSL modem/router from my provider and a Netgear router behind it. Here's how I've configured it (I don't have a DMZ):

Router1:
Configured static IP for LAN Port1 (192.168.1.1);
Forwarded ports 22, 80, 10001 to the static IP of Router2 (192.168.1.2)

Router2:
Static IP for LAN Port1 which is connected with Router1 (192.168.1.2);
Using 192.168.1.1 as default gateway (static route);
LAN Port2 is connected with my LAN switch and has DHCP enabled with range 192.168.2.X;
Fixed DHCP for TonidoPlug's MACAddress 192.168.2.254;
Port-forwarded ports 22, 80, 10001 to 192.168.2.254;

TonidoPlug:
Disable Tonido Relay Service on the Settings-page.

Note: Forwarding of port 80 is not allowed by all providers (you then have to add :10001 to the URL to access your plug via http)!

All things are working just fine for me.
I can also access my plug with username.tonidoid.com without problems.


Re: Connect with SFTP Out of LAN

Postby jamxi » Wed Mar 23, 2011 11:23 pm

OK I think I have it working with your suggestion. It doesn't look like I need to disable the relay service, is there any reason it should be? I'm noticing that if I'm connected inside my network I have to use my private ip address to connect to SFTP. The outside IP address seems to only work outside the network. This doesn't seem like a big deal just seeing if this is something that should be expected.

Thanks for your help


Re: Connect with SFTP Out of LAN

Postby agrajag » Thu Mar 24, 2011 12:49 pm

jamxi wrote:It doesn't look like I need to disable the relay service, is there any reason it should be?


No, it's not necessary to disable the relay service for SSH/SFTP. But it's much faster if you upload/download large files to/from the Plug from external networks or listen to music on your mobile.

jamxi wrote: I'm noticing that if I'm connected inside my network I have to use my private ip address to connect to SFTP. The outside IP address seems to only work outside the network. This doesn't seem like a big deal just seeing if this is something that should be expected.


Yes, that's right. From your internal LAN you have to use your internal IP. The user.tonidoid.com thing will only work from outside your LAN.

jamxi wrote:Thanks for your help


No Problem.

