As a self-professed minimalist, I’ve long been a fan of the axiom “Perfection is attained not when there is nothing more to add, but when there is nothing left to take away”, penned by Antoine de Saint-Exupéry. When working with complex systems, one typically finds that the best solution to a problem is often the simplest. This is already true in digital security, where complexity itself can stand at odds with the goal of securing a system. But the operation of a system can suffer too, which shows when abstraction is placed upon abstraction in front of something whose function should be dead simple.
I see it in circles of tech enthusiasts deliberating among themselves the best way to share media with other devices, or to create network drives for aggregate storage, or to distribute backups. It seems every few weeks there is a new contender waiting to gift-wrap all this functionality cleanly into a sleek, web-service-inspired abstraction that will incur more in maintenance burden than its initial value proposition. Just recently some sailors were up in arms about a popular video streaming abstraction layer beginning to charge for once-gratis features. They were already paying to do something so basic?
I don’t quite understand their plight, because if one has already gone to the length of setting up a home server, then it should already be equipped with one of the most powerful and versatile tools: OpenSSH.
And, if not, how were they administering said server? Well, probably through bloaty web front-end abstraction layers, right? But we don’t need any of that. We have access to better options.
What are these secret dark arts? You may already know, but here’s a refresher:
Stream video from your massive collection of movies that you ripped from your DVD collection that you legally own.
mpv sftp://192.168.1.123/home/remote-user/Films/Miami\ Connection.mkv
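Need to specify a different user? A different port? Password even? Keep in mind that a password placed in the URL is saved to your shell history and is visible in the process list while mpv runs.
mpv "sftp://remote-user:password@192.168.1.123:13383/home/remote-user/Films/Miami Connection.mkv"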
The SCP way, available wherever OpenSSH is installed. Pull a file down from the server.
scp -P 43900 user@192.168.1.123:/home/remote-user/Books/The\ Theory\ of\ Generativity\ -\ David\ G.\ Post.pdf Documents/
Or send an entire directory to the server.
scp -P 43900 -r Audio/Album user@192.168.1.123:/home/remote-user/Music/
Or with rsync, which is even more robust and which you likely already have installed. The -a switch makes it recurse into the directory and preserve permissions and timestamps.
rsync -a -e 'ssh -p 1234' Audio/Album user@192.168.1.123:/home/remote-user/Music/
But rsync can leap even higher. Let’s say you want to send something over a jump host hop.
rsync --progress -av -e 'ssh -p 1234 -J jump-user@66.66.66.66:22591' Videos/Youtube\ Channels/Jaboody\ Dubs\ Archive remote-user@192.168.1.123:/home/remote-user/Videos/
The -p switch nested within rsync’s -e switch arguments specifies the port to the target computer that sits adjacent to the jump host. The -J switch specifies the jump host itself along with its port included in the extended address.
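The same -p and -J settings can be stored once in ~/.ssh/config so that scp and rsync, which both invoke ssh, pick them up automatically. This is an added example, not part of the original post: the Host aliases `jump` and `homeserver` and the key path are assumptions, while the addresses, users and ports are the ones used in the commands above.

```sshconfig
# ~/.ssh/config (added example; Host aliases and IdentityFile path are assumptions)

# The jump host, reachable from the outside on its non-default port.
Host jump
    HostName 66.66.66.66
    Port 22591
    User jump-user

# The target machine that sits behind the jump host.
Host homeserver
    HostName 192.168.1.123
    Port 1234
    User remote-user
    # Equivalent of -J jump-user@66.66.66.66:22591
    ProxyJump jump
    # Authenticate with a key instead of typing or embedding a password.
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
```

With this in place the jump-host transfer shortens to `rsync --progress -av Videos/Youtube\ Channels/Jaboody\ Dubs\ Archive homeserver:/home/remote-user/Videos/`, and scp works the same way with `homeserver:` as the remote.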
But let’s say you’ve been moving a lot of data around and the remote ISP at your jump host has begun throttling or blocking traffic originating from your IP address. Time to get crafty.
torsocks rsync --bwlimit=0.3m --progress -av -e 'ssh -p 1234 -J jump-user@66.66.66.66:22591' Videos/Youtube\ Channels/Jaboody\ Dubs\ Archive remote-user@192.168.1.123:/home/remote-user/Videos/
By pushing the transfer over Tor, the effort to block your connection becomes a game of hydra slayer for the remote ISP at your jump host. Additionally, by limiting the bandwidth yourself with --bwlimit=, not only are you being more respectful of the Tor network’s capacity, but your transfer won’t appear so readily as abuse to the remote ISP, even if you opt not to use Tor.
My ISPs watching yet another 50GB of traffic shuffle through Tor
LibreOffice exposes functionality for interacting with documents residing on OpenSSH servers. We don’t need to use some “Cloud” (somebody else’s computer). Within LibreOffice Writer, navigate to File > Open Remote…
On the Managed Services dropdown, select Add Service. A File Services dialogue will launch to take your SSH server credentials and documents directory path.
Once it has been added, your remote document files can be browsed and accessed.
LibreOffice Writer can also take domain names for documents hosted on a server outside the LAN. No need for reimplementations of commercial products which force users through a web application.
As for administering the server itself, SSH was practically built for this. I feel this hardly needs explaining. Webmin panels aren’t needed and they serve to expose yet another service for bots to pry at. Use top for system monitoring. Take a look at nethogs for bandwidth monitoring and nnn for directory navigation. Local mail and log monitoring, too. It’s all right there, accessible through the terminal.
As can be seen, the use cases for openssh-server are varied and diverse despite it predominantly being viewed simply as a CLI conduit to remote systems. I think you’ll find that a tiny, low-power box running a bare minimum software complement, tucked away in a dusty corner, can serve up quite a lot without having to overthink things.