UFS How to access my storage HDD over LAN

B

badfrogg

So I have built this media server appliance with FreeBSD. The server is a headless small form factor PC and its only purpose is to run this server.

I have been working on it through the serial port CLI only up to this point. I have my server running and my storage drive formatted and mounted.

What I need now is to know the best method to start moving my media over the the server storage drive.

I have a fast LAN and was thinking FTP. Anyone want to chime in and help? I am not familiar with FreeBSD but have been slowly learning the basics.

Oh and I need to figure out how to SSH so I can stop using the serial port for CLI.
 
I got the SSH working. I hope that this is not insecure though. What I did was:
Code: 
# edit /etc/ssh/sshd_config
and added:
Code: 
PermitRootLogin yes

I use putty and the console window says "Using keyboard-interactive authentication."

What dose that mean? Is it Ok to be SSHing into the system this way?
 
Ok. I got the FTP working. all I did was turn it on.
Code: 
edit /etc/rc.conf
and added
Code: 
ftpd_enable="YES"

So... How insecure is that? I just don't want someone to hijack my server and do bad stuff, ya know.
 
badfrogg said:
Code: 
ftpd_enable="YES"
So... How insecure is that? I just don't want someone to hijack my server and do bad stuff, ya know.
Click to expand...
Is your server directly exposed to the Internet? Or is there a firewall/gateway protecting it? The risk analysis is very different, depending. Regardless, I would never choose to use ftp if there was a viable alternative (like the secure shell's scp command).
badfrogg said:
Code: 
PermitRootLogin yes
I use putty and the console window says "Using keyboard-interactive authentication."
What dose that mean? Is it Ok to be SSHing into the system this way?
Click to expand...
Do you need login as root? Why? It is far more usual (and much safer) to login as yourself and use su or sudo to obtain root privilege when required.

The "keyboard-interactive authentication" tells you that it's using a password based authentication. Google "ssh-keygen howto" for secure shell key based methods, which are much better.
There's a lot written about using ssh keys. Linode looks like it might be a good place to start, especially if you have PuTTY in the mix.

We might be able to make more helpful suggestions if you provide some more details about "moving my media over the the server storage drive".
e.g. what are the clients, what O/S do they run, and what applications consume/create the data you want to move.
 
badfrogg said:
What I need now is to know the best method to start moving my media over the the server storage drive.
Click to expand...
The easiest to use, on a LAN, is to use NFS or net/samba410. If all your clients are Unix(-like) NFS would be preferred. If you have a mixed bag; media-players, Windows, MacOS, etc. use Samba.
 
My suggestion is always to install the file services which are natively supported by the clients. The main benefit is that you can mount network drives on the clients which do smoothly integrate into a desktop workflow. I do not consider FTP native in this respect - on all clients which I know, it feels like an add on. So yes, basically I support the suggestion of SirDice, although, I use net/samba410 for Windows clients only. For my macOS clients I use net/netatalk3 which was more performant, although the last comparing measurement was a few years ago (against samba 3.x).

Since I need only the file services, I strip down the samba4 build options to the bare minimum:
Code: 
┌──────────────────────────── samba410-4.10.8_1 ───────────────────────────────┐
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ [ ] ADS             Active Directory client(implies LDAP)                │ │
│ │ [ ] AD_DC           Active Directory Domain Controller                   │ │
│ │ [x] AESNI           Accelerated AES crypto functions(amd64 only)         │ │
│ │ [ ] CLUSTER         Clustering support                                   │ │
│ │ [ ] CUPS            CUPS printing system support                         │ │
│ │ [ ] DEBUG           Build with debugging support                         │ │
│ │ [ ] DEVELOPER       With developer framework(implies NTVFS)              │ │
│ │ [x] DOCS            Build and/or install documentation                   │ │
│ │ [ ] FAM             File Alteration Monitor                              │ │
│ │ [ ] GPGME           GpgME support                                        │ │
│ │ [ ] LDAP            LDAP client                                          │ │
│ │ [ ] MANDOC          Build manpages from DOCBOOK templates                │ │
│ │ [ ] NTVFS           Build *DEPRECATED* NTVFS file server                 │ │
│ │ [ ] PROFILE         Profiling data                                       │ │
│ │ [ ] QUOTAS          Disk quota support                                   │ │
│ │ [ ] SPOTLIGHT       Spotlight server-side search support                 │ │
│ │ [x] SYSLOG          Syslog logging support                               │ │
│ │ [x] UTMP            UTMP accounting                                      │ │
│ │─────────────────────────────── VFS modules ──────────────────────────────│ │
│ │ [ ] FRUIT           MacOSX and TimeMachine support                       │ │
│ │ [ ] GLUSTERFS       GlusterFS support                                    │ │
│ │─────────────────────── GSSAPI Security API support ──────────────────────│ │
│ │ (*) GSSAPI_BUILTIN  GSSAPI support via bundled Heimdal                   │ │
│ │ ( ) GSSAPI_MIT      GSSAPI support via security/krb5                     │ │
│ │────────────────────── Zero configuration networking ─────────────────────│ │
│ │ (*) ZEROCONF_NONE   Zeroconf support is absent                           │ │
│ │ ( ) AVAHI           Zeroconf support via Avahi                           │ │
│ │ ( ) MDNSRESPONDER   Zeroconf support via mDNSResponder                   │ │
│ │─────────────────────────────── DNS frontend ─────────────────────────────│ │
│ │ ( ) NSUPDATE        Use samba NSUPDATE utility for AD DC                 │ │
│ │ ( ) BIND911         Use Bind 9.11 as AD DC DNS server frontend           │ │
│ │ ( ) BIND914         Use Bind 9.14 as AD DC DNS server frontend           │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────────────────────┤
│                       <  OK  >            <Cancel>                           │
└──────────────────────────────────────────────────────────────────────────────┘
If you want zeroconf support, then be aware that Avahi drags-in tons of Poettering's stuff, while mDNSResponder besides being the original is still quite slim.

Finally, none of my Windows clients are configured to use the same user/password for Windows login and the Samba shares. I login to the samba shares on demand, and usually logout after I am ready. The possibility of a ransomware trojan gets access to some of my file services makes me scared.

Of course none of the file services, ftp, nfs, smb, afp are accessible via the internet. Mobile clients would need to establish a VPN connection first.
 
Since you already have ssh access, sysutils/fusefs-sshfs is quite simple; just install the package, check that the fuse kernel module is loaded, do # sysctl vfs.usermount=1, and you are ready to create a mount point and mount your storage server.
sshfs isn't the fastest, and it gobbles up memory if you copy large amounts of data (but only in one direction, I can't remember if it is to or from), but it is easy, quick to set up, and works with any machine on which you have ssh access.
 
You must log in or register to reply here.
Back
Top