My parents are 80 and 70 years old persons that managed well to accept the change to linux on all PCs at home. I am living a few hours of flight away from them and can not come home as often as I would like. VOIP is still very tricky in linux (as I do not want skype on my desk).
I am searching for a solution to allow to connect remotely to their PC in a safe way, in order to drop on a specified folder videos and photos that otherwise would be too big to transfer with mail (about 250 mb max I think).
I do NOT want any cloud or serverbased solution (google) and so on. I would like the procedure to be safe (encrypted), (maybe using vpn…??), and to require nearly no interaction by them.
Substantially I would like to create a local drop-box, where I can upload them the files and they just go on their PC to watch them. Also my brother should be able to drop videos of his children for them. And he sticks to windows. All our other systems involved are openSUSE. They are “flat-dsl”, 24/24h connected. IP is dinamic with forced split of connect at 1 pm by the provider. I do connect always from different places, some of them open hotspots.
Does a solution for this exist for Linux and what would you suggest - so I can start reading the “FM”?
Thank you for every link and suggestion.
I will do the setup for them, so it can be complicated to setup, it just has to be easy to use 
Hi
You can use ‘scp’ for the transfers. This requires to open port 22 at the receiving end. Make sure that you have strong passwords in use. ‘man scp’ will show you how it works.
- vodoo wrote, On 09/25/2009 12:16 PM:
> Hi
>
> You can use ‘scp’ for the transfers. This requires to open port 22 at
> the receiving end. Make sure that you have strong passwords in use. ‘man
> scp’ will show you how it works.
That’s what I’d do as well. Let me add a few things:
-
It requires the sshd to run on the parents’ box. If it doesn’t run yet and you enable it now, you need to adjust the SuSEFirewall accordingly; just enable ssh as an allowed service, using Yast’s firewall configuration module.
-
Keep an eye on the logs. ssh is a possible target for brute force password attacks. It often helps to use a different port. You said your parents are on DSL: If they have a router, you want to forward some obscure port (check iana.org) to their local machine’s port 22 and use this obscure (high) port when you connect to their machine.
-
You can use gFTP as a nice and handy scp client on your side.
Uwe
Thank you, both of you, for these very useful hints.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A few others. Unless your parents’ system is literally on the Internet
directly (vs. having a DSL modem with the public IP and then being in a
NAT’d environment behind that) ssh/scp will not work unless you forward
the port. If you do that then great but keep that in mind. If your
parents’ system is directly exposed to the network then this is moot but I
never like doing that with any system. Changing your SSH port to
something else (2222 instead of 22, for example) is sometimes done to get
rid of most attacks (choose your own port number). Also always disable
‘root’ login directly… always. If you do this attackers must guess not
only the password but the username since the only known username is not
allowed. This should be done by default, in my opinion
(/etc/ssh/sshd_config uncomment the PermitRootLogin option and set it to
‘no’ vs. ‘yes’).
To get into your parents’ system I would recommend a VPN option. This can
be setup trivially on both windows and Linux and lets you use whatever
file sharing protocol you prefer. OpenVPN is easy to setup additional
boxes and setting up the server isn’t that bad either.
Now for the grand finale… I’ve been impressed by this little gizmo,
though it would require a dedicated box (or VM) to set it up. This could
be something on your end that your parents VPN (automatically) into if
nothing else:
Basically it has the file sharing stuff, the VPN stuff, and is free. Drop
in a DVD, let it do its thing, have a dedicated server. All
point/click-like I’m told.
Good luck.
stakanov wrote:
> Thank you, both of you, for these very useful hints.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJKvNPJAAoJEF+XTK08PnB5taAP/RsHBdbtVOx6sMoECNQKU5Kp
W2rQFMObg0w4xlx798qd6+W6KvV9/3N52QZtLiHaog+7Z43Ej7LvlWJV7fNqcdIm
zAu246OkDH41tksFQIrr7Wl3cbT0W/1LI9qquQwFYNpjVcSF6JbPMTuBnkyRFKFo
an3JOIWQRSPkRM8X9RW4WipYO5IkA74IHXClu2fnjc6UoR4Z4S7P1y5knWktgGKb
FkY/20IbcQBoWzRofiWr7rhIDN0Vs34DPYgs4LcaAqSr4HtdarMWwIcPHd2RrrMk
L+/bsChNzgMgxBewnzh5boFkq/hXD3VZ+K0EA9UayX9UDfB6L3wmWJHBOj3vvKnK
MyJFfxCvFmz4avOjr7ioc0+hpsgdTKA1Ah5HxqFk+x6/VXMcTLmiZp/ekycllUKF
YaAIjluZf7maflcu765elRd+63MB5308CIuCG/aSKZgGDaLjADtxo/1pxvI866GZ
3kdtsfaqoMAhdoPRxQizk/6dLO+rglvX+EtOGd9rKSMmK9QhUOhYP9HQhv6uPFIg
bRBmSxZJm0PtLJdU+lTz3fz0WMVniDNU4mfmNhtXq1PumUJLoi0VnckBpwQWkuye
zGeSi+Svvvd7Ip1wps/Y7u9Keu4kTMc8O7Wcn0cB5D0zL93RzjLsM/yN53cP7zSQ
ztU6yXjusNMNdCKpUbSX
=4ASp
-----END PGP SIGNATURE-----
You also might want to change the default ssh port from 22 to something a lot higher as well. This avoids all the script kiddies and also keeps your log sizes down greatly!
I know, people are going to say that it’s not a security issue, but whenever I run my public facing ssh server on port 22, the logs get massive very quickly from script and password guessing programmes trying to guess passwords!
These logs can fill up a smallish / partition in a very short time!
Also to overcome the dynamic IP problem, register a free domain name at dyndns.com (or whatever your choice is) , then either set their modem/router to update it automatically (some older/cheaper modem/routers do not have this feature), or set a cron script on their machine to run one of the opensource dynamic-IP update progs.
I’ve done it that way for many years and it is a rock solid method.
For a nice GUI interface over ssh, use** krusader**, available from the standard suse repos. You can create a simple shortcut for a fish (ssh) connection and transfer files the “normal” GUI way if that is what you prefer :).
I am baffled. Thanks to all. I will have to print this out and work on it. But it seems very attractive (and I spoke to my parents, they were enthusiastic).
So seems that I will come to a solution with this.
For me the port forwarding appears essential, since all the rest for me, I think, would be risky business. The router is a brand new Fritz! box. So it should have the latest and greatest…
But really I am quite positively astonished about the good prospects. 
Here’s a brief overview of what you need to do -
Computer1 = your Mother and Father’s computer
Computer2 = your own computer
- Change computer1 to use a static IP address through Yast
- Setup SSHD on computer1 through Yast
- Create Dyndns domain name at dyndns.com
- Configure your Fritzbox to forward ssh port to computer1
- Setup Fritzbox Dyndns auto update feature
- Setup Firewall on computer1 through Yast
- Install Krusader on computer2
It sounds a bit scary and overwhelming, but it will be quite easy if you do it step by step, and ask for help here for each step :).