Trying to ultimately setup SFTP in PxMx CT

msymms

Member
Nov 28, 2021
Hi All,
I am not near as versed in this as everyone here. This is more of a hobby for me and not my profession. This setup is my home system.
I have ProxMox running on an old Dell T420 that has a CT running samba that acts as my file server. This sits behind an Edge 4 router. I have left the default firewall rules in place as they work well.
I also have Zerotier running in the samba CT, but not on PM itself. My ZT dashboard does see it.
I have a DDNS service running and my own domain.
I can ping domain.com with good results, but samba.domain.com returns nothing.

My goal is to set up an SFTP server to allow me to upload files to the file server, either through CmdLine or web page. I think I have the tools in place, but not quite sure the steps to configure this correctly. I have never set up an SFTP server before.
I cannot manage the boxes remotely unless having Zerotier running on my client system. Which leads me to believe that my DDNS is not setup correctly.

Any help or shoving me in the right direction is appreciated.

TIA,
-mark
 
> I have a DDNS service running and my own domain.
> I can ping domain.com with good results, but samba.domain.com returns nothing.

Did you set up your DNS for samba.domain.com? By the way, you will not actually name it samba in DNS, would you? It works of course, but with DNS being public and samba not always easily configured securely, it might not be the best name :p

> My goal is to set up an SFTP server

SFTP is included with OpenSSH. If you manage to SSH into your container, you can start using SFTP. Mind that there also exists FTPS, which is FTP with security added.
 
> Did you set up your DNS for samba.domain.com? By the way, you will not actually name it samba in DNS, would you? It works of course, but with DNS being public and samba not always easily configured securely, it might not be the best name :p

No, that was just for illustration purposes. :) And yes, I do have a DNS record for samba.domain.com.

What I am wondering, as I have been reading today, is if all of this is the best solution. I want to be able to provide a link, even a temporary one, to someone so they can transfer a large file to me that is too big for email or not in proximity to say AirDrop. They won’t be logged in to my ZT network, and it is a pain having to log into ZT each time I want to access my files remotely.

Anyway, wbk thanks for taking the time to reply
 
> I want to be able to provide a link, even a temporary one, to someone so they can transfer a large file to me that is too big for email or not in proximity to say AirDrop

I offer Nextcloud upload links for exactly that. My Nextcloud runs on Yunohost, Jirafeau is another (more lightweight) app in its catalog to provide just that service.

There are probably numerous services that provide something like that. Oh, yes, and if everything else fails, XKCD

Whichever self-hosted solution you choose, if you want to offer people an opportunity to upload stuff, it needs to be publicly exposed.

> it is a pain having to log into ZT each time I want to access my files remotely.

I don't know Zerotier; if it is a kind of VPN you could 'just stay connected', of course (depending a bit on your home network speed). From what kinds of (trusted?) devices would you connect? Of course, this is also _the_ use case for Nextcloud ;-)
 
It sounds like you have a good starting setup and just need some guidance on configuring the various components to work together. Let's address your concerns step by step.

1. DNS and DDNS Configuration

The fact that you can ping `domain.com` but not `samba.domain.com` suggests that there's a DNS issue, specifically with your subdomain configuration. You need to make sure that `samba.domain.com` is correctly pointed to your DDNS IP address. Here's how you can check and correct that:

1. DDNS Setup: Make sure your DDNS service is updating the IP correctly for `domain.com`.
2. Subdomain: You must create an A record for `samba.domain.com` in your DNS management dashboard (wherever your domain's DNS is managed) that points to the same DDNS IP address.
3. Propagation: After you have made DNS changes, wait a bit as DNS changes can take some time to propagate.

2. Samba Server Accessibility

To manage the boxes remotely without ZeroTier, you'll need to ensure that your router is forwarding the appropriate ports to your Samba server. However, exposing Samba directly to the internet can be risky security-wise. It's generally recommended to use VPNs (like ZeroTier) or secure tunnels for remote access.

3. Setting Up SFTP Server

To set up an SFTP server, you don't need to use Samba. SFTP is a feature of the SSH server. Here's how you can set up SFTP on a Linux-based system:

1. SSH Server:
Ensure that `openssh-server` is installed on your system where you want to have the SFTP service running.

2. Configure SSH: Edit the SSH configuration file, usually located at `/etc/ssh/sshd_config`, and make sure the SFTP subsystem is enabled (it typically is by default):

```
Subsystem sftp /usr/lib/openssh/sftp-server
```

3. User Accounts: Create user accounts that you want to be able to use SFTP. For additional security, you can configure these users to only use SFTP and not full SSH by modifying their shell or using chroot jails in the `sshd_config` file.

4. Restart SSH: After making changes to the configuration, restart the SSH service:

```
sudo systemctl restart sshd
```

5. Port Forwarding: On your router, forward the standard SSH port (22) to your server. You might want to change the default port to something else for security reasons.

6. Firewall Rules: Check your firewall rules on both Proxmox and the EdgeRouter to ensure that the chosen SFTP port is open.

4. Web-based File Uploads

If you prefer to upload files through a web page rather than SFTP, you will need to set up a web server with file upload capabilities. Solutions like `Nextcloud` or a simple `PHP` upload script could be used for this purpose. Just remember, anything you expose to the internet must be secured properly.

5. Security Considerations

Exposing your home server to the internet should be done with caution:

- Use strong passwords and consider using SSH keys instead of password authentication for SFTP.
- Keep your system updated with security patches.
- Regularly check logs for any suspicious activity.
- Consider setting up fail2ban to protect against brute force login attempts.

6. Remote Management

Regarding remote management, if you want to manage your system without relying on ZeroTier, you would typically use SSH for command-line access or a web-based control panel. However, as mentioned, exposing these services directly to the internet comes with risks and should be done carefully with proper security measures.

Lastly, always make sure that your backups are up to date before making significant changes to your setup. If you have specific questions about any of these steps, feel free to ask for more detailed instructions.
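
An added example, not part of any post in this thread: a small shell check for the SFTP-only and chroot restrictions the reply above mentions and the key-based login it recommends, run over two constructed `sshd_config` samples (one with only the subsystem enabled, one locked down). The group name `sftponly`, the `/srv/sftp/%u` path and the `AllowTcpForwarding no` check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). The group name "sftponly" and both
# sample configs below are constructed for illustration.

# audit_sftp FILE GROUP: print one finding per line, nothing if the file is clean.
# Simplification: only "Match Group <name>" blocks naming a single group are understood.
audit_sftp() {
  awk -v grp="$2" '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    { k = tolower($1) }                          # sshd keywords are case-insensitive
    k == "match" { anym = 1; inblk = (tolower($2) == "group" && $3 == grp)
                   if (inblk) seen = 1; next }
    !anym && k == "passwordauthentication" && pw == "" { pw = tolower($2) }
    inblk && k == "forcecommand"       { fc = $2 }
    inblk && k == "chrootdirectory"    { cd = $2 }
    inblk && k == "allowtcpforwarding" { tf = tolower($2) }
    END {
      if (pw != "no") print "global: password logins allowed (sshd default is yes)"
      if (!seen) { print "no Match Group " grp ": members get a normal SSH session"; exit }
      if (fc != "internal-sftp") print grp ": not forced to internal-sftp"
      if (cd == "")              print grp ": no ChrootDirectory"
      if (tf != "no")            print grp ": TCP forwarding not disabled"
    }' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed "before": subsystem enabled, nothing restricts the upload users.
cat > "$tmp/weak.conf" <<'EOF'
Port 22
PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
EOF

# Constructed "after": key-only logins, upload group jailed and limited to SFTP.
cat > "$tmp/hardened.conf" <<'EOF'
PasswordAuthentication no
PubkeyAuthentication yes
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF

echo "weak.conf:";     audit_sftp "$tmp/weak.conf" sftponly
echo "hardened.conf:"; audit_sftp "$tmp/hardened.conf" sftponly
```

On the real container, run `sshd -t` after editing `/etc/ssh/sshd_config` and before restarting the service, so a syntax error does not lock you out. The chroot directory itself must be owned by root and not writable by group or others, with a user-writable subdirectory inside it for uploads.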
 
