Secure Shell SSH in a Home Network
When SSH is installed on the machines in your home network, you can use it for file exchange between them. You can install openssh-server, openssh-client and openssh-sftp-server with the Software Manager in Linux Mint or use apt (see the Ubuntu page on SSH). Exchanging relatively small files this way over WLAN is comfortable. For large files without LAN connections, on the other hand, I’d rather suggest an exchange with a USB stick, since encrypted transfers through a WLAN are relatively slow. The same holds for FTP connections between your home machines. The UFW firewall rule that opens port 22 for a home network 192.168.178.0/24 is:
sudo ufw allow from 192.168.178.0/24 to any port 22
You can then mount the directories of your ssh server directly on any machine in your home network with the file manager Caja via “Connect to Server” in the “File” menu at the top left.
FTP Server in a Home network
Scenario: You have several machines in your network and maybe some friends nearby with a connection to your router within your private network. You want file transfers between the machines. Or you want to use FTP (file transfer protocol) even from outside. Then you have to configure the ftp services on the machines. In what follows I’ll give you a recipe for accomplishing that. You have to do this for every machine that is to offer the ftp service. The following root commands are listed for copy and paste in the download file Root-Commands.txt.
1) Install vsftpd (very secure ftp daemon): Use the Software Manager in Linux Mint for that or run sudo apt install vsftpd. If you want to use SSL, also install openssl.
2) Edit the file /etc/vsftpd.conf as root (see also the Ubuntu page on FTP). You can download my example file vsftpd.conf if you like. It configures vsftpd so that users with an account on the server machine can log in to the filesystem with an ftp client like Filezilla. Users such as friends without an account on the server can log in without a shell and are restricted to the directory /home/ftp on the server, where they all have read and write permission. Thus this folder is shared among all of them. Of course more sophisticated configurations are possible. My configuration uses SSL, which requires generating a certificate; see the end of vsftpd.conf and the commands in my download file Root-Commands.txt.
3) Create the group ftpuser and add as members those users on the machine who shall have access to the server.
4) Create as root the directory /home/ftp, set its owner with “sudo chown yourname:ftpuser /home/ftp” and give it the permissions 770, i.e. drwxrwx--- (“sudo chmod -R 770 /home/ftp”).
5) Add as root the line /bin/false to the file /etc/shells. Otherwise the users without shell cannot connect to the server.
6) Generate as root the file /etc/vsftpd.chroot_list and insert the usernames line by line that are not restricted to /home/ftp. You can download my example of vsftpd.chroot_list.
7) Generate the users that can login to the server without a shell and are restricted to the shared /home/ftp directory. Add as root each user by the command
sudo adduser --shell /bin/false --home /home/ftp/ --no-create-home --ingroup ftpuser username
and give them strong passwords. Restart and enable vsftpd: “sudo systemctl restart vsftpd”, “sudo systemctl enable vsftpd”.
8) Open the ftp ports in your firewall for your home network, 192.168.178.0/24 for example:
sudo ufw allow from 192.168.178.0/24 to any port 20,21,10000:10100 proto tcp
Analogously, allow the ports in your firewall only for the specific public IPv4 addresses of your external ftp users. Your ftp users can cheaply obtain, for example, a dedicated IP address from a VPN provider. Be aware of the risks: choose really strong passwords for the users in that case (use 14-16 mixed characters) and don’t give them a shell. You have no control over whether external user logins are compromised. In that case you also have to configure port forwarding to your server in the router and modify your /etc/vsftpd.conf so that the passive transfer setting works (see the bottom lines of my example). In the latter case you need an IPv4 address. Currently one can obtain a public (dynamic) IPv4 address for about 5€ per month from DSL providers. With that address one can register free of charge with a DynDNS server like DYNU and configure DynDNS in the router with the domain name, username and password there and the Update URL (see for example my router page for DynDNS in the Fritz.Box). Since these IPv4 addresses are dynamic, i.e. your provider changes them sometimes, you also need a corresponding update of your file /etc/vsftpd.conf with the changed IPv4 address for passive transfer mode. This is necessary if the client is behind a NAT in his router, which is usually the case.
To update vsftpd.conf periodically you can copy a shell script that updates your IPv4 address when it runs as a cron job. You can find it, together with my corresponding /etc/crontab, in my download file Root-Commands.txt. Make it executable as ipcheck.sh and save it somewhere in your home directory, from where your crontab calls it.
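One way to do such an update safely, as an added example and not the ipcheck.sh from Root-Commands.txt: the function validates the address before touching the file and reports whether anything changed, so vsftpd is restarted only when needed. The function names and the 644 file mode are assumptions; pasv_address is the standard vsftpd option for the address advertised in passive mode.

```sh
#!/bin/sh
# Added example: keep pasv_address in vsftpd.conf in sync with the public IPv4.
# Helper names are hypothetical; how the new address is looked up is left open.

# is_ipv4 STRING: succeed only for four dot-separated octets, each 0-255
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    ip_oldifs=$IFS; IFS=.
    set -- $1            # safe: only digits and dots are left at this point
    IFS=$ip_oldifs
    [ $# -eq 4 ] || return 1
    for ip_octet in "$@"; do
        [ ${#ip_octet} -le 3 ] && [ "$ip_octet" -le 255 ] || return 1
    done
    return 0
}

# update_pasv_address CONF NEW_IP
#   returns 0 = file changed, 1 = already current, 2 = invalid input
update_pasv_address() {
    conf=$1; new_ip=$2
    # Never write an unvalidated lookup result (e.g. an HTML error page)
    # into the server configuration.
    is_ipv4 "$new_ip" || return 2
    [ -f "$conf" ] || return 2
    current=$(sed -n 's/^pasv_address=//p' "$conf" | tail -n 1)
    [ "$current" = "$new_ip" ] && return 1
    # Build the new file next to the old one and swap it in with mv, so
    # vsftpd never reads a half-written configuration.
    tmp=$(mktemp "${conf}.XXXXXX") || return 2
    if grep -q '^pasv_address=' "$conf"; then
        sed "s/^pasv_address=.*/pasv_address=${new_ip}/" "$conf" > "$tmp"
    else
        { cat "$conf"; printf 'pasv_address=%s\n' "$new_ip"; } > "$tmp"
    fi
    chmod 644 "$tmp"     # assumed mode; mktemp creates the file as 600
    mv "$tmp" "$conf"
}

# Usage from a root cron job, with $ip obtained from your own lookup:
#   update_pasv_address /etc/vsftpd.conf "$ip" && systemctl restart vsftpd
```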
Once only IPv6 addresses are left on the internet, the routing to your server will have to be changed.
That’s it. Restart your server and test your configuration with an ftp client like Filezilla: a) with local user accounts listed in vsftpd.chroot_list, b) with users who have a shell on your PC but are not in vsftpd.chroot_list and c) with the created users restricted to /home/ftp. A status check is obtained by sudo systemctl status vsftpd.
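A consistency check for the setup from steps 2, 6 and 8, as an added example that is not taken from the page's vsftpd.conf or Root-Commands.txt. It assumes the standard vsftpd option names (anonymous_enable, ssl_enable, chroot_local_user, chroot_list_enable, pasv_min_port, pasv_max_port); conf_get, sample_conf and audit_vsftpd are hypothetical helper names and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example (not the author's vsftpd.conf): check that a vsftpd.conf
# matches the chroot, SSL and firewall setup described above.

# conf_get FILE KEY: print the last uncommented value of KEY (empty if unset)
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# sample_conf: constructed config with one deliberate flaw (chroot_local_user=NO)
sample_conf() {
    printf '%s\n' anonymous_enable=NO local_enable=YES write_enable=YES \
        ssl_enable=YES chroot_local_user=NO chroot_list_enable=YES \
        chroot_list_file=/etc/vsftpd.chroot_list \
        pasv_min_port=10000 pasv_max_port=10100
}

# audit_vsftpd FILE: print one line per finding, return the number of findings
audit_vsftpd() {
    conf=$1; findings=0
    fail() { printf 'FAIL: %s\n' "$1"; findings=$((findings + 1)); }
    [ "$(conf_get "$conf" anonymous_enable)" = NO ] ||
        fail "anonymous_enable must be NO (the built-in default is YES)"
    [ "$(conf_get "$conf" ssl_enable)" = YES ] ||
        fail "ssl_enable is not YES: logins are sent unencrypted"
    # With chroot_local_user=YES the chroot list names the users who are NOT
    # jailed. With NO the meaning inverts: listed users are jailed, guests roam.
    [ "$(conf_get "$conf" chroot_local_user)" = YES ] ||
        fail "chroot_local_user is not YES: chroot list meaning is inverted"
    [ "$(conf_get "$conf" chroot_list_enable)" = YES ] ||
        fail "chroot_list_enable is not YES: the chroot list is ignored"
    # Passive ports must stay inside the 10000:10100 range opened in ufw.
    min=$(conf_get "$conf" pasv_min_port); max=$(conf_get "$conf" pasv_max_port)
    case "$min$max" in *[!0-9]*|'') min=0; max=0 ;; esac
    if [ "${min:-0}" -lt 10000 ] || [ "${max:-0}" -gt 10100 ] ||
       [ "${max:-0}" -lt "${min:-0}" ]; then
        fail "passive port range is not within 10000:10100"
    fi
    return "$findings"
}
# Usage: audit_vsftpd /etc/vsftpd.conf || echo "fix the findings above"
```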
For exchange of large files or with friends outside of your router’s home network I do not recommend your own ftp server with exposed open ports. A more secure and in many aspects better solution is a joint external server for file exchanges. There are offers free of charge like pcloud in Switzerland and others, or offers for web hosting by Manitu or Hetzner with servers in Germany (DSGVO) and offers for Virtual Private Servers (VPS) by Contabo, Host-On et al. These are cheap and include ftp access to the booked domains. There you don’t have to worry that much about the configuration of a secure web and ftp server. Never hold private data in a publicly accessible storage.
Remote Desktop in a Home Network
When you want to use Linux systems in your home network with remote desktop access, you can test for example NoMachine or Remmina. I had them installed for a while, they worked well, but I no longer use them because I don’t need them.
Create timely backups of your system, for example with Penguins’ Eggs, after relevant changes.
I wish you success with your first networking examples and a good time in the Linux community and later professional work.