Tip, secure communication channel from remote site to your home computer, for file transfers and for browsing the internet

This blog is a miscellaneous add-on to the earlier blogs "Tip, personal online file storage by using your home computer" and "Privacy and internet communication".

In the first blog, the solution for online storage was built by using

  • On the home computer:
    • freeftpd
    • dynamic DNS service (for example dyndns) and
    • dynamic DNS update client
  • On the remote (client) computer:
    • WinSCP

The tools were used to create secure (encrypted) communication to the home computer.

Please note that when storing files in a cloud environment, one also needs to encrypt the files for more secure storage (by using Truecrypt, for example; I'll try to create a blog for that later).

In the second blog, the secure communication was set up on the client side by using tools like

  • Putty or MyEnTunnel for creating a secure connection
  • Firefox for browsing via the above-mentioned secure connection

In this blog, one secure connection is used to serve both needs:

  • file transfer
  • Internet browsing

For example, if one does not have a trusted host (provider) on the internet to protect one's communication, then one could consider using the home computer. In this way, the communication is protected at least up to the home computer.

What is needed?

  • On the home computer:
    • SSH server (see the chapter below)
    • dynamic DNS service (for example dyndns) and
    • dynamic DNS update client
  • On the remote (client) computer:
    • WinSCP for file transfer
    • MyEnTunnel for creating and maintaining the secure connection
    • Browser, like Firefox, to connect to the internet via MyEnTunnel (and via the home computer)

SSH server

There are several variants to choose from (see licensing terms, free for personal/non-commercial use):

  • OpenSSH (instructions example)
    • no GUI and therefore more complex setup
    • Can forbid/allow shell access, file transfer and forwarding separately (PLUS)
    • Allows also shell access (MINUS) together with file transfer, forwarding can be controlled
    • Can forbid/allow shell access, file transfer and forwarding separately (PLUS)
    • Can ban client IP address when brute force attack is detected (PLUS)

My favorites are Bitvise SSH Server and SilverSHielD, since both can deny access to the command shell. In addition, the brute force detection in SilverSHielD is an important add-on if these functions are run as a service (mostly ON and active).

Bitvise SSH Server Screenshot:

ssh-server-bitwise

SilverSHielD Screenshot:

ssh-server-silvershield

The brute force detection is configured on this page: the number of failed attempts and the ban time can be defined.

ssh-server-silvershield2

 

Note

Both of these products have commercial editions as well, and they are good choices since one can expect maintenance updates etc. With SilverSHielD, however, I was having connection problems with their main site?

Note

Creating a secure connection to the home computer also means that one needs to have one port open that is accessible via the internet. Some products contain filtering options for the allowed client IP or IP range. However, monitoring is required to detect possible attacks, and one would need to find a way to receive alerts from these tools.
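
The monitoring need in the note above, together with the two brute force detection settings mentioned earlier (number of failed attempts and ban time), can be illustrated with a small log scanner. This is an added example, not part of the original blog or of any of the listed products; it assumes OpenSSH-style "Failed password" log lines, and the thresholds, the counting window, the function name `detect_bans` and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for the two settings named above, plus a counting window.
MAX_FAILED = 3                      # failed attempts tolerated per address
WINDOW = timedelta(minutes=5)       # period in which failures are counted
BAN_TIME = timedelta(minutes=30)    # how long a banned address stays blocked

# OpenSSH-style syslog line: timestamp, "Failed password", client address.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def detect_bans(lines, year=2024):
    """Return {ip: ban_expiry} for addresses with MAX_FAILED failures in WINDOW."""
    recent = defaultdict(deque)     # ip -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                # successful logins and other messages
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans and when < bans[ip]:
            continue                # address is already banned at this time
        q = recent[ip]
        q.append(when)
        while when - q[0] > WINDOW:
            q.popleft()             # forget failures older than the window
        if len(q) >= MAX_FAILED:
            bans[ip] = when + BAN_TIME
            q.clear()
    return bans

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = """\
Jan 10 03:00:00 home sshd[801]: Failed password for root from 203.0.113.9 port 40110 ssh2
Jan 10 03:04:00 home sshd[802]: Failed password for root from 203.0.113.9 port 40111 ssh2
Jan 10 03:10:00 home sshd[803]: Failed password for root from 203.0.113.9 port 40112 ssh2
Jan 10 03:12:01 home sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:09 home sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Jan 10 03:12:20 home sshd[813]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2
Jan 10 03:13:00 home sshd[814]: Failed password for invalid user test from 203.0.113.5 port 51237 ssh2
Jan 10 03:15:30 home sshd[820]: Accepted password for me from 198.51.100.7 port 60022 ssh2
""".splitlines()

if __name__ == "__main__":
    print({ip: str(until) for ip, until in detect_bans(SAMPLE).items()})
```

The three slow failures from 203.0.113.9 fall outside the five-minute window and raise no alert, while the burst from 203.0.113.5 does; the returned expiry time is what an alert mail or a firewall rule would be built from.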
