diff options
author | https://www.google.com/accounts/o8/id?id=AItOawnZEanlyzay_QlEAL0CWpyZcRTyN7vay8U <Carlo@web> | 2012-11-30 14:38:42 +0000 |
---|---|---|
committer | admin <admin@branchable.com> | 2012-11-30 14:38:42 +0000 |
commit | 300cbe031601282b291aa15f88d25056810242bd (patch) | |
tree | 4dd156de0b28bdcaec88ff61e24a1f5eacd9f424 /doc/tips/Decentralized_repository_behind_a_Firewall.mdwn | |
parent | 2107868bee3c324760aabe745a61c444570f7edb (diff) |
Use case for two-way sync using your own metal
Diffstat (limited to 'doc/tips/Decentralized_repository_behind_a_Firewall.mdwn')
-rw-r--r-- | doc/tips/Decentralized_repository_behind_a_Firewall.mdwn | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/doc/tips/Decentralized_repository_behind_a_Firewall.mdwn b/doc/tips/Decentralized_repository_behind_a_Firewall.mdwn new file mode 100644 index 000000000..c43defe1a --- /dev/null +++ b/doc/tips/Decentralized_repository_behind_a_Firewall.mdwn @@ -0,0 +1,52 @@ +If you're anything like me, you have a copy of your annex on a computer running at home¹, set up so you can access it from anywhere like this: + + ssh myhome.no-ip.org + +This is totally great! Except, there is no way for your home computer to pull your changes, because there is no onthego.no-ip.org. You can get clunky and use a bare git repository and git push, but there is a better way. + +First, install openssh-server on your on-the-go computer + + sudo apt-get install openssh-server + +Then, log into your home computer, with *port forwarding*: + + ssh me@myhome.no-ip.org L 2201:localhost:22 + +Your home computer can now ssh into your on-the-go computer, as long as you keep the above shell running. Presto, you can use the same shell to set up your remote: + + ssh-keygen -t rsa + ssh-copy-id localhost -p 2201 + cd ~/annex + git annex remote add on-the-go ssh://localhost:2201/home/myuser/annex + +And run normal annex operations: + + git annex sync + git annex get on-the-go some/big/file + git annex status + +You can add more computers by repeating with a different port, e.g. 2202 or 2203 (or any other). + +If you're security paranoid (like me), read on. If you're not, that's it! Thanks for reading! + +--- paranoid area --- + +Note you're granting passwordless access to your on-the-go computer to your home computer. I believe that's all right, as long as: + +* Your home computer is really in your home, and not at a friend's house or some datacenter +* Your home computer can be accessed only by ssh, and not HTTP or Samba or NTP or (shoot me now!) FTP +* Only you (and perhaps trustworthy family) have access to your home computer +* You have reasonably strong passwords or key-only logins on both your home and on-the-go computers. +* You regularly install security updates on both computers (sudo apt-get update && sudo apt-get upgrade) + +In any case, the setup is much, much, much more secure than Dropbox. With Dropbox, you have exactly the same setup, but: + +* Your data is stored in some datacenter. It's supposed to be encrypted. It might not be. +* Lot's of people have routine access to your files, and plausible reason to. Bored employees might regularly be doing some 'maintenance work' involving your pictures. +* The dropbox software can do anything it likes on your computer, and it's closed source and can't be audited +* Any dropbox employee can conveiably use your installed dropbox to look at any file on your computer +* A truly huge amount of eyes connected to incredibly smart brains have looked at openssh and found it secure. Everybody trusts openssh. With dropbox, there is, well, dropbox. Whoever that is. + +----- + +¹ My always-on computer at home is a raspberry pi with a 32GB USB stick. Best self-hosted dropbox you could imagine. |