What's new

Get access to HDD connected to RT-AC87U via SFTP (WAN)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

harrenkyym

Occasional Visitor
Hi, everyone! I'm new here -and in this little world of tweaking the router-. I've read a lot of posts and I think I am in a very advanced point of what I want to reach.

My goal: to have my own video library at home, using Kodi, for the whole family and even to make it accessible where I'm who knows where.

So it must be very very very secure++++++ because sharing this kind of files is obviously illegal and I don't want to finish in jail. What I've done until now is installing Entware (and a few scripts like Diversion, Skynet, etc) and the SFTP server.

Here's my router's config:
rSgXeBo.png

What I have realized is that it goes back to LAN only (I've had to switched to LAN+WAN twice) I don't know why.
I have a very important question at this point: how can I secure, really really secure my net? I've generated an ssh key but I don't really know what to do with it (I have a file called id_rsa and another one id_rsa.pub in a ssh folder) and I also have the randomart image. I'm also interested in not using my router user+pass for logging to the "server" because it's possible that I'll share it with my sister so my nephews can enjoy it too, but just them, as I said I don't want to finish behind bars.

I've done a test (https://www.infobyip.com/sshservertest.php) and it says it's ok:
checkmark.png
Connected to xxx.xxx.xxx.xxx:53478
checkmark.png
Server fingerprint is xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I've also used WinSCP to connect to my public IP and my local IP and it was successful, I can browse through my HDD. With Kodi, after installing the compatibilty with SFTP, I can get to it too.

Where comes the problem? I tried to connect to my own "server" using Solid Explorer in Android and it was OK, but I was using my wifi to do it, so at the end it was kind of local, so I swapped to 4G and I tried to do the same and THERE came the problem. I can't connect and I don't know how to do it.

Can someone help me, please? Thank you very much.

PS: If there is a way to have my own video library with a different protocol much more secure, I'm open to it too. Thank you again!

EDIT: I registered in no-ip.com and it seems it solved the main problem, right now my Galaxy S8 using 4G is playing a movie from my hdd connected to the router. So the thing now is... to have a paying DDNS is worthy? I have to say the streaming (x265 with low bitrate, kind of yify) is absolutely perfect. But I don't know, maybe paying it makes it safer (no clue about that).
I still have the problem of LAN+WAN swapping back to LAN only and my concern about the security of this at this stage. Thank you again.
o2LlccT.png

-----------------
yW1seZb.png
 
Last edited:
Hi, everyone! I'm new here -and in this little world of tweaking the router-. I've read a lot of posts and I think I am in a very advanced point of what I want to reach.

My goal: to have my own video library at home, using Kodi, for the whole family and even to make it accessible where I'm who knows where.

So it must be very very very secure++++++ because sharing this kind of files is obviously illegal and I don't want to finish in jail. What I've done until now is installing Entware (and a few scripts like Diversion, Skynet, etc) and the SFTP server.

Here's my router's config:
rSgXeBo.png

What I have realized is that it goes back to LAN only (I've had to switched to LAN+WAN twice) I don't know why.
I have a very important question at this point: how can I secure, really really secure my net? I've generated an ssh key but I don't really know what to do with it (I have a file called id_rsa and another one id_rsa.pub in a ssh folder) and I also have the randomart image. I'm also interested in not using my router user+pass for logging to the "server" because it's possible that I'll share it with my sister so my nephews can enjoy it too, but just them, as I said I don't want to finish behind bars.

I've done a test (https://www.infobyip.com/sshservertest.php) and it says it's ok:
checkmark.png
Connected to xxx.xxx.xxx.xxx:53478
checkmark.png
Server fingerprint is xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I've also used WinSCP to connect to my public IP and my local IP and it was successful, I can browse through my HDD. With Kodi, after installing the compatibilty with SFTP, I can get to it too.

Where comes the problem? I tried to connect to my own "server" using Solid Explorer in Android and it was OK, but I was using my wifi to do it, so at the end it was kind of local, so I swapped to 4G and I tried to do the same and THERE came the problem. I can't connect and I don't know how to do it.

Can someone help me, please? Thank you very much.

PS: If there is a way to have my own video library with a different protocol much more secure, I'm open to it too. Thank you again!

EDIT: I registered in no-ip.com and it seems it solved the main problem, right now my Galaxy S8 using 4G is playing a movie from my hdd connected to the router. So the thing now is... to have a paying DDNS is worthy? I have to say the streaming (x265 with low bitrate, kind of yify) is absolutely perfect. But I don't know, maybe paying it makes it safer (no clue about that).
I still have the problem of LAN+WAN swapping back to LAN only and my concern about the security of this at this stage. Thank you again.
o2LlccT.png

-----------------
yW1seZb.png
SSH access from WAN is asking for trouble! Use VPN to connect to the LAN from outside then to the drive with SMB. Better yet get a NAS which has much better performance for file storage and just might have secure web access.
 
just might have secure web access
Some will also have a Plex server (or equivalent), video transcoders, etc although I prefer the simple VPN to internal samba myself.

I don't really like Plex, but it can solve playback issues by transcoding the content for lower bitrate to allow for slower connections, make the files more portable, etc
 
Last edited:
So the thing now is... to have a paying DDNS is worthy
Personally I wouldn't bother. Some ISPs offer a static IP for next to nothing ($4/MTH) or use one of many free DDNS servers. I have a static IP from one ISP and use the Asus free DDNS for another ISP. Unless you encounter a specific issue, free should be fine.
 
Last edited:
Skynet will be responsible for changing SSH back to LAN only.

Use plex and its remote access. Much more secure than exposing a nerve like ssh/sftp over the Internet.
 
SSH access from WAN is asking for trouble! Use VPN to connect to the LAN from outside then to the drive with SMB. Better yet get a NAS which has much better performance for file storage and just might have secure web access.

What about setting my own VPN? I've been investigating and yet it's not easy, it's something I could do, but I still having doubts about the privacy.

Some will also have a Plex server (or equivalent), video transcoders, etc although I prefer the simple VPN to internal samba myself.

I don't really like Plex, but it can solve playback issues by transcoding the content for lower bitrate to allow for slower connections, make the files more portable, etc

I don't like Plex either + my idea is to use Kodi.

Personally I wouldn't bother. Some ISPs offer a static IP for next to nothing ($4/MTH) or use one of many free DDNS servers. I have a static IP from one ISP and use the Asus free DDNS for another ISP. Unless you encounter a specific issue, free should be fine.

Free then, ok.

Skynet will be responsible for changing SSH back to LAN only.

Use plex and its remote access. Much more secure than exposing a nerve like ssh/sftp over the Internet.

As I said I'm not a Plex fan as I want to use Kodi (there is a scraper which is cornerstone for me), but just using Plex server resolves my "problem" (or Emby, another good option in this case, which one would be better?)?


Thank you all, guys!
 
Last edited:
Why is everyone so against ssh? If you disable password login, and use public/private keys, it's pretty secure for anonymous attempts. And if you're worried, you can set a passphrase for the private key, and it protects against even local access.

And by the way, if you have an extensive music library, Plex is great for that if you're willing to pay a bit for a Plex pass. There is an app they have, Plexamp, that is very good and works both remotely and locally with no problems. I run it on an old laptop, and like it better than any of the streaming services I've used.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top