| Thread ID: 120233 | 2011-08-31 01:58:00 | Setting up https | jcr1 (893) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1227580 | 2011-08-31 01:58:00 | I have a Synology server. I have it set up for remote connections etc., using HTTP and FTP. Works well, but my son thinks I should improve the security with these actions. I can change to SFTP (I think) simply by blocking port 21 and forwarding port 22. Mind you, with my Thomson router it's a bit of a trick, but doable. HTTPS has me a bit stumped; I need to obtain SSL certificates etc. How do I do this? I have an account with Dyndns, which enables me to use a static IP with a dynamic IP; this also works very well, but at a glance they charge big time annually for generating the appropriate certificate etc. I have a feeling this can be done with no cost. Being able to log on to my server remotely is very useful, particularly when I'm away and can upload photos etc. Any thoughts on any of the above? Whew! New look to the site :stare: |
jcr1 (893) | ||
| 1227581 | 2011-08-31 07:52:00 | No idea what a Synology server is but ... SFTP uses your SSH server instead of FTP and is much more secure. I would recommend using a high port rather than 22 to avoid constant hammering by bots. What webserver does it run? Apache? Or IIS (shudder)? HTTPS requires opening port 443 and getting an SSL cert. You can buy one from a CA or generate your own. Self-signed certs generate security warnings in most browsers, but that is due to not being able to verify the signer; the encryption is identical. |
fred_fish (15241) | ||
| 1227582 | 2011-08-31 09:01:00 | Is this a Synology diskstation? If so, forwarding port 22 to port 22 on the NAS would be fine - it runs a version of Linux, and as such you can connect to it using SFTP/SCP (and even SSH to it if you want to mess with its internals). How are you doing the HTTP component of it? |
somebody (208) | ||
| 1227583 | 2011-08-31 09:05:00 | Thanks Fred, basically this is what my Synology server is: www.synology-distribution.de It does run Apache :thumbs: How do I go about generating my own SSL cert? I don't think I'd be too worried about the security warnings from a self-generated one.....maybe. |
jcr1 (893) | ||
| 1227584 | 2011-08-31 09:19:00 | www.debian-administration.org That is the fairly basic procedure, but there may be some hoops to jump through depending on the Synology configuration. Edit: the 'security warning' is bogus, it just means you haven't paid the tax to get into the browsers' "trusted" authority chain. That trust has recently been shown to be dubious, as one (or more) CAs have been compromised; also the Iranian govt has been reported to be successfully faking Google certs to keep an eye on Gmail users. |
fred_fish (15241) | ||
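Added example (not part of any post in this thread, and not the linked tutorial's or Synology's own procedure): generating a self-signed certificate with the `openssl` command line and recording its SHA-256 fingerprint, so the browser warning can be checked against a known value rather than accepted blindly. The host name `nas.example.test` and the file names are constructed placeholders.

```shell
#!/bin/sh
# Added example; nas.example.test and the file names are placeholders.

# Create a 2048-bit RSA key and a self-signed certificate valid for one year.
# $1 = output directory, $2 = host name for the certificate subject (CN).
make_self_signed() {
    mkdir -p "$1" || return 1
    (
        umask 077   # keep the private key readable by its owner only
        openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
            -subj "/CN=$2" \
            -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    )
}

# Print the SHA-256 fingerprint (AA:BB:...) of the certificate file $1.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if certificate file $1 has the recorded fingerprint $2.
check_pin() {
    [ -n "$2" ] && [ "$(cert_fingerprint "$1")" = "$2" ]
}

# To check a running server, save the certificate it presents first:
#   openssl s_client -connect nas.example.test:443 </dev/null 2>/dev/null |
#       openssl x509 -out presented.crt
#   check_pin presented.crt "$pin"

# Demo on throwaway files: the second certificate stands in for one
# presented by a different server using the same host name.
demo() {
    tmp=$(mktemp -d) || return 1
    make_self_signed "$tmp/nas" nas.example.test || return 1
    make_self_signed "$tmp/other" nas.example.test || return 1
    pin=$(cert_fingerprint "$tmp/nas/server.crt")
    echo "recorded fingerprint: $pin"
    for c in nas other; do
        if check_pin "$tmp/$c/server.crt" "$pin"; then
            echo "$c: fingerprint matches"
        else
            echo "$c: fingerprint differs, do not accept"
        fi
    done
    rm -rf "$tmp"
}
demo
```

The fingerprint printed at generation time is the value to compare with what the browser shows in its certificate details when the warning appears.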
| 1227585 | 2011-08-31 09:33:00 | [QUOTE=fred_fish] www.debian-administration.org That is the fairly basic procedure, but there may be some hoops to jump through depending on the Synology configuration. Edit: the 'security warning' is bogus, it just means you haven't paid the tax to get into the browsers' "trusted" authority chain. That trust has recently been shown to be dubious, as one (or more) CAs have been compromised; also the Iranian govt has been reported to be successfully faking Google certs to keep an eye on Gmail users. [/QUOTE] You shouldn't try something like that on the DiskStations - they run a cut-down Linux distribution with some code from Synology to give you the nice web UI management console. If you mess with the stuff under the hood too much, you could break things. |
somebody (208) | ||
| 1227586 | 2011-08-31 11:04:00 | [QUOTE=somebody] Is this a Synology diskstation? If so, forwarding port 22 to port 22 on the NAS would be fine - it runs a version of Linux, and as such you can connect to it using SFTP/SCP (and even SSH to it if you want to mess with its internals). How are you doing the HTTP component of it? [/QUOTE] Thanks somebody. I'm a bit dubious of mucking around with this machine too much. It does a pretty good job, as it is. I just want to extend its functionality a bit. Port 22 is what I thought I should use. I've opened up port 80 for http and port 5000 for remote admin, also port 7000 for the file station; I guess if I used https I would be a lot more secure with all this. Although using a client like Filezilla with SFTP is a compelling option - so good for moving files around. Another option with the NAS, is WebDAV, do you know anything about this? |
jcr1 (893) | ||
| 1227587 | 2011-08-31 11:46:00 | [QUOTE=jcr1] Thanks somebody. I'm a bit dubious of mucking around with this machine too much. It does a pretty good job, as it is. I just want to extend its functionality a bit. Port 22 is what I thought I should use. I've opened up port 80 for http and port 5000 for remote admin, also port 7000 for the file station; I guess if I used https I would be a lot more secure with all this. Although using a client like Filezilla with SFTP is a compelling option - so good for moving files around. Another option with the NAS, is WebDAV, do you know anything about this? [/QUOTE] You are opening these to the world? :stare: Hope they've fixed these www.google.com You would be MUCH more secure forwarding it all through a single ssh connection (on a non-standard port). ...assuming it runs a standard ssh server. |
fred_fish (15241) | ||
| 1227588 | 2011-08-31 12:06:00 | [QUOTE=fred_fish] You are opening these to the world? :stare: [/QUOTE] Not anymore. I got worried about it and just blocked all those ports until I can figure a better method. I'd have to install an ssh server, which from the tutorials looks kind of complicated. I'll think about this; I might not even proceed. |
jcr1 (893) | ||
| 1227589 | 2011-08-31 12:15:00 | forum.synology.com Get PuTTY. Set the required forwards under SSH - Tunnels. Secure access from anywhere. :D This may help: pcloadletter.co.uk |
fred_fish (15241) | ||
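Added example (not part of any post in this thread): the OpenSSH command-line equivalent of the PuTTY "SSH - Tunnels" setup suggested above, carrying the three services named earlier in the thread (ports 80, 5000 and 7000) over one SSH connection. The host `nas.example.test`, user `admin` and SSH port `50022` are constructed placeholders, and it assumes the NAS runs a standard SSH server that permits port forwarding.

```shell
#!/bin/sh
# Added example; host, user and SSH port below are placeholders.

# Turn forwards written as LOCALPORT:NASPORT into ssh -L options.
# Both ends are pinned to 127.0.0.1: the listener is reachable only from
# the client itself, and the NAS services are reached over its loopback.
tunnel_args() {
    args=""
    for pair in "$@"; do
        case $pair in *:*:*) echo "bad forward: $pair" >&2; return 1 ;; esac
        lport=${pair%%:*}
        rport=${pair##*:}
        for p in "$lport" "$rport"; do
            case $p in
                ''|*[!0-9]*|??????*) echo "bad port in: $pair" >&2; return 1 ;;
            esac
            if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
                echo "port out of range in: $pair" >&2; return 1
            fi
        done
        args="$args -L 127.0.0.1:$lport:127.0.0.1:$rport"
    done
    printf '%s\n' "${args# }"
}

# Print the full command for review. $1 = SSH port, $2 = user@host,
# remaining arguments = forwards.
#   -N  open the tunnels only, run no remote command
#   ExitOnForwardFailure=yes  fail instead of running with a missing tunnel
tunnel_cmd() {
    port=$1 target=$2
    shift 2
    fw=$(tunnel_args "$@") || return 1
    printf 'ssh -N -p %s -o ExitOnForwardFailure=yes %s %s\n' \
        "$port" "$fw" "$target"
}

# The three services named in the thread: web (80), admin UI (5000) and
# File Station (7000). Local 8080 is used because binding a port below
# 1024 normally needs root on the client.
tunnel_cmd 50022 admin@nas.example.test 8080:80 5000:5000 7000:7000
```

With the tunnel up, the router only needs the single SSH port forwarded, and the admin page is reached at `http://127.0.0.1:5000` on the client.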