1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Get access to HDD connected to RT-AC87U via SFTP (WAN)

Discussion in 'Asuswrt-Merlin' started by harrenkyym, Oct 18, 2019.

  1. harrenkyym

    harrenkyym New Around Here

    Joined:
    Oct 18, 2019
    Messages:
    8
    Hi, everyone! I'm new here -and in this little world of tweaking the router-. I've read a lot of posts and I think I am in a very advanced point of what I want to reach.

    My goal: to have my own video library at home, using Kodi, for the whole family and even to make it accessible where I'm who knows where.

    So it must be very very very secure++++++ because sharing this kind of files is obviously illegal and I don't want to finish in jail. What I've done until now is installing Entware (and a few scripts like Diversion, Skynet, etc) and the SFTP server.

    Here's my router's config:
    [​IMG]
    What I have realized is that it goes back to LAN only (I've had to switched to LAN+WAN twice) I don't know why.
    I have a very important question at this point: how can I secure, really really secure my net? I've generated an ssh key but I don't really know what to do with it (I have a file called id_rsa and another one id_rsa.pub in a ssh folder) and I also have the randomart image. I'm also interested in not using my router user+pass for logging to the "server" because it's possible that I'll share it with my sister so my nephews can enjoy it too, but just them, as I said I don't want to finish behind bars.

    I've done a test (https://www.infobyip.com/sshservertest.php) and it says it's ok:
    [​IMG] Connected to xxx.xxx.xxx.xxx:53478
    [​IMG] Server fingerprint is xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    I've also used WinSCP to connect to my public IP and my local IP and it was successful, I can browse through my HDD. With Kodi, after installing the compatibilty with SFTP, I can get to it too.

    Where comes the problem? I tried to connect to my own "server" using Solid Explorer in Android and it was OK, but I was using my wifi to do it, so at the end it was kind of local, so I swapped to 4G and I tried to do the same and THERE came the problem. I can't connect and I don't know how to do it.

    Can someone help me, please? Thank you very much.

    PS: If there is a way to have my own video library with a different protocol much more secure, I'm open to it too. Thank you again!

    EDIT: I registered in no-ip.com and it seems it solved the main problem, right now my Galaxy S8 using 4G is playing a movie from my hdd connected to the router. So the thing now is... to have a paying DDNS is worthy? I have to say the streaming (x265 with low bitrate, kind of yify) is absolutely perfect. But I don't know, maybe paying it makes it safer (no clue about that).
    I still have the problem of LAN+WAN swapping back to LAN only and my concern about the security of this at this stage. Thank you again.
    [​IMG]
    -----------------
    [​IMG]
     
    Last edited: Oct 18, 2019
  2. bbunge

    bbunge Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    999
    Location:
    Pennsylvania USA
    SSH access from WAN is asking for trouble! Use VPN to connect to the LAN from outside then to the drive with SMB. Better yet get a NAS which has much better performance for file storage and just might have secure web access.
     
    dosborne likes this.
  3. dosborne

    dosborne Senior Member

    Joined:
    May 11, 2019
    Messages:
    316
    Location:
    /dev/null
    Some will also have a Plex server (or equivalent), video transcoders, etc although I prefer the simple VPN to internal samba myself.

    I don't really like Plex, but it can solve playback issues by transcoding the content for lower bitrate to allow for slower connections, make the files more portable, etc
     
    Last edited: Oct 18, 2019
    Greg72 likes this.
  4. dosborne

    dosborne Senior Member

    Joined:
    May 11, 2019
    Messages:
    316
    Location:
    /dev/null
    Personally I wouldn't bother. Some ISPs offer a static IP for next to nothing ($4/MTH) or use one of many free DDNS servers. I have a static IP from one ISP and use the Asus free DDNS for another ISP. Unless you encounter a specific issue, free should be fine.
     
    Last edited: Oct 18, 2019
    Greg72 likes this.
  5. Jack Yaz

    Jack Yaz Part of the Furniture

    Joined:
    Apr 20, 2017
    Messages:
    2,469
    Skynet will be responsible for changing SSH back to LAN only.

    Use plex and its remote access. Much more secure than exposing a nerve like ssh/sftp over the Internet.
     
    Greg72 likes this.
  6. harrenkyym

    harrenkyym New Around Here

    Joined:
    Oct 18, 2019
    Messages:
    8
    What about setting my own VPN? I've been investigating and yet it's not easy, it's something I could do, but I still having doubts about the privacy.

    I don't like Plex either + my idea is to use Kodi.

    Free then, ok.

    As I said I'm not a Plex fan as I want to use Kodi (there is a scraper which is cornerstone for me), but just using Plex server resolves my "problem" (or Emby, another good option in this case, which one would be better?)?


    Thank you all, guys!
     
    Last edited: Oct 20, 2019