I hope this is the correct place to post this, if not i apologize. Basically i would like to give access to the files on my NAS to a friend who lives about an hour away, and be able to access it myself when i am not home, but without messing up my ability to move files in and out of the share using file explorer from my local machine. Can anyone recommend the simplest way to achieve this?
-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
recommendation for remote access
- Thread starter 06coopers
- Start date
- Status
Hi,
with scp protocol you can access all the files from the NAS without defining any share (so without messing up the file rights). you only need to open port 22/SSH on your router.
Winscp is a nice windows client for this protocol
But you must trust your friend because it will give him complete access, including the system files...
This also gives remote ssh access to you NAS over internet. Some security has to be applied because of bots scanning internet for ssh with default logins. (using another port fort ssh, good password...)
with scp protocol you can access all the files from the NAS without defining any share (so without messing up the file rights). you only need to open port 22/SSH on your router.
Winscp is a nice windows client for this protocol
But you must trust your friend because it will give him complete access, including the system files...
This also gives remote ssh access to you NAS over internet. Some security has to be applied because of bots scanning internet for ssh with default logins. (using another port fort ssh, good password...)
Last edited:
nojohnny101
Wizard
- Joined
- Dec 3, 2015
- Messages
- 1,478
Google is your friend:
https://www.google.com/search?q=fre...tely&ie=UTF-8&oe=UTF-8&hl=en-us&client=safari
I've had luck with the first link.
https://www.google.com/search?q=fre...tely&ie=UTF-8&oe=UTF-8&hl=en-us&client=safari
I've had luck with the first link.
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Not if you give him a user account without access to those files, which you should do in any event.
If you're going to open SSH to the outside world, you must use public key authentication, and really should move SSH to a non-default port. But a better plan would be to set up your router as a VPN server, and use that to connect to your network.
scrappy
Patron
- Joined
- Mar 16, 2017
- Messages
- 347
I very much agree with this. Don't take remote access lightly or you could end up with a third party having access to your system.
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
...which we've seen time and time again.
nojohnny101
Wizard
- Joined
- Dec 3, 2015
- Messages
- 1,478
All the advice you need to safely (as safe as you can be) open up remote access to your FreeNAS has been given but the information has become a bit scattershot in this thread. Let me help you and sum it for you:
1) choose to use VPN or SSH (google how to set this up, thousands of threads)
2) if you are going with SSH, only use private/public key authentication, NOT PASSWORDS (this is usually covered in the guides you will find in setting up SSH)
3) if you are going with SSH, then use a non-standard port. SSH by default uses port 22 but you can easily change this by setting up a port forward in your router (or in whatever router the freenas box is sitting behind). You can really pick any port that doesn't conflict with a port that another service is using (to avoid conflicts, just pick any port north of 1200)
done. I haven't setup VPN for remote access but some say it is easier than setting up SSH.
1) choose to use VPN or SSH (google how to set this up, thousands of threads)
2) if you are going with SSH, only use private/public key authentication, NOT PASSWORDS (this is usually covered in the guides you will find in setting up SSH)
3) if you are going with SSH, then use a non-standard port. SSH by default uses port 22 but you can easily change this by setting up a port forward in your router (or in whatever router the freenas box is sitting behind). You can really pick any port that doesn't conflict with a port that another service is using (to avoid conflicts, just pick any port north of 1200)
done. I haven't setup VPN for remote access but some say it is easier than setting up SSH.
ssh is secure if you follow the link/recos from nojohnny101 and spend time to get familiar with it.
Point with key authentication is to restrict access to the users for which you have generated a key. This prevents an attacker/bot to enter your system using some other account (badly) created for whatever reason on your system (share,...).
The important thing here is to disable password authentication in the ssh service configuration.
Setting VPN may presents other issues like your friend browsing internet through your own internet connection if not properly configured... it's not magic solution either.
Also, as advised you should create a user for your friend that allows only scp (there is a scponly kind of shell for that) and has rights restricted to the files under the smb share. This will prevent inadvertently damaging system files or messing up with rights on your shamba share.
All in all this is very interesting to set up and I encourage you to go this way because you will learn a lot. But basically it looks like your issue resides in the fact that FreeNAS doesn't provide out of the box solution for your use case.
Point with key authentication is to restrict access to the users for which you have generated a key. This prevents an attacker/bot to enter your system using some other account (badly) created for whatever reason on your system (share,...).
The important thing here is to disable password authentication in the ssh service configuration.
Setting VPN may presents other issues like your friend browsing internet through your own internet connection if not properly configured... it's not magic solution either.
Also, as advised you should create a user for your friend that allows only scp (there is a scponly kind of shell for that) and has rights restricted to the files under the smb share. This will prevent inadvertently damaging system files or messing up with rights on your shamba share.
All in all this is very interesting to set up and I encourage you to go this way because you will learn a lot. But basically it looks like your issue resides in the fact that FreeNAS doesn't provide out of the box solution for your use case.
saikee
Explorer
- Joined
- Feb 7, 2017
- Messages
- 77
I found our Forum member Glorious1 has written a very good piece of Howto called
[How-To] How to Access Your FreeNAS Server Remotely (and Securely)
https://forums.freenas.org/index.ph...r-freenas-server-remotely-and-securely.27376/
I am slowly implementing it myself. It is really a shame to ignore this nice piece of work which is totally based on FreeNAS.
[How-To] How to Access Your FreeNAS Server Remotely (and Securely)
https://forums.freenas.org/index.ph...r-freenas-server-remotely-and-securely.27376/
I am slowly implementing it myself. It is really a shame to ignore this nice piece of work which is totally based on FreeNAS.
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Who's ignoring it? That's the "first link" that @nojohnny101 is talking about. I'm not a fan myself (I prefer the VPN answer), but it's a valid, and reasonably-secure, way to do it.
- Status
