Any way to remotely transfer files to/from Retropie?
-
@clyde said in Any way to remotely transfer files to/from Retropie?:
See TeamViewer: Fraudulent Uses and LogMeIn Hamachi: Security for some examples as well as general security and privacy concerns.
Just as an always-on connection for SSH poses a brute-force security risk, if you configure TeamViewer/LogMeIn as a Windows service and expose it to the internet you'll get the same exposure and risk, and the same can be said for any public-facing login service (RDP). However, starting them on-demand, just when you need to connect, will not pose the same risk since there's no listening port and the connection is always approved by the destination user. For me, that's always safer than leaving SSH open to the internet.
-
@clyde any remote connection exposed to the internet is a security risk. I'm a Cisco network engineer with 13 years' experience and know the risks fairly well. As @mitu said, a common protocol left open is a risk to brute force attacks and exploits and I would only recommend using them if you know what you're doing and can isolate and/or protect the risk on your network. As this situation seems to involve non-technical users, a remote session to the machine via LogMeIn or TeamViewer then SSH to the Pi makes much more sense to me. I agree that these are not without risk as well, but if only run when required, then it should be ok. Also, it requires less technical know-how than enabling and disabling port forwarding or SSH on demand imho.
-
teamviewer and putty?
-
What I would do, if one of you has a decent (not cable company provided) router, is set up a VPN server on the router (OpenVPN is pretty easy and has tutorials). Then the other would use their OpenVPN client to connect. Then it will be just like you are on the same network.
-
@markyh444 I agree with you that any remote connection is a security risk, sure. Not to have an opening is of course more secure than to have one, as well guarded as it might be.
But I think it's not that big of a risk to leave an ssh connection exposed to the internet. As long as you set a decently strong password (I'm talking 20-30 random characters) you will be fine. The connection has to be targeted specifically (while the Pi is running or otherwise there would not be anything to target) to be brute forced or otherwise exploited which is pretty unlikely. Plus, as I suggested, the port forwarding can be disabled when not needed to further lower the risk of abuse, which should of course always be preferred to leaving the connection exposed.
Yeah, using programs like LogMeIn or TeamViewer might be slightly easier but imo port forwarding is pretty much a no-brainer with most modern (consumer) routers and besides not everybody is comfortable with using connections which are established through third party servers (those connections and connection attempts can also be tampered with).
Cheers!
-
@piratefish
I would add, if you want to leave an SSH server exposed:
- Set a strong (obviously non-default) password
- Choose a random/non-default port (aka not 22). Most bots try default ports.
- Use a utility like fail2ban to avoid brute force.
With those rules, I had a computer with ssh exposed for many years without issue, but I kind of knew what I was doing and checked the logs on a regular basis, as well as potential rootkits.
I second the VPN solution, as well as the on-demand remote application.
-
@sano Agreed! Further security measures never hurt! If you know how to set them up, do so! :)
Just to be clear, remote applications are imo fine to use as well.
VPN would also be my personal preferred method to be honest. I just thought it might be too hard to set up properly (which is integral for security; a sloppily set up VPN might work, but might also easily be less secure than a forwarded ssh connection).
Plus, just for the record, a VPN suffers from the same "problem" of being a constantly exposed connection. ;-)
Cheers!
-
@piratefish I understand that you can take measures to secure your SSH connection, which was why I said I wouldn't recommend it to people who didn't know what they were doing. If you have the technical knowledge, and can limit/isolate the risk posed, then that's fine.
The original post suggests an OK amount of technical knowledge, but not enough to recommend it as the best option in this instance.
-
What about this link to a guide I found that seems to suggest what you are looking for, but needs some software setting up on the RPI3 as well. Once it's all been set up, it appears it's like Remote Desktop access similar to Windows versions.
-
Thank you all for the civilized discussion I hoped for. :) I want to add that I, too, accept remote viewers as a valid option, I just prefer the KISS principle of simplicity, proven open source solutions, and as little third-party involvement as possible.
The one common thing among all solutions mentioned here is that they're only as good as the passphrases or public keys used to secure them, which can't be stressed often enough.
Have a nice day
Clyde
-
Wow, this discussion took on a life of its own. Very fascinating to read. I don't know, most of this sounds like it might be over the heads of my nephew, my brother-in-law, and me. I certainly don't want to do anything that will expose their network to attacks.
I think I'll just plan to do little updates and tweaks with him when I'm in town visiting. Will be a good excuse to teach him a little about tinkering with electronics and code.
Thanks again for the great suggestions.
-
@clyde That's it! The KISS principle. I like that one.
@sub_atomic I hope we did not "scare you away" from setting up a remote connection. Just take your time, read up on how to do it properly and you'll be fine.
But doing it together with your nephew is a thing that I can 100% second. Passing on the love for and knowledge of tinkering and a little coding and IT stuff is always something good. :)
Cheers!