From 7a28228e82c69bbcff07b526aab65fff402df72c Mon Sep 17 00:00:00 2001 From: Germano Rizzo Date: Tue, 14 May 2024 17:22:00 +0200 Subject: [PATCH] Update README.md --- README.md | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 00b6454..8e32a3f 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ **The BOM**: You have a "jump server" wich you can access via SSH from local, and a port on it accessible from the remote system. Nothing else is used on it, only SSH. -**The solution**: You run a script on the local system. The script outputs a `curl` command. You use this `curl` on the remote system to get the file. +**The solution**: You run a script on the local system. The script outputs a `curl` command. You use this `curl` on the remote system to get the file. Or you can use a browser. **The plus**: The connection is always secure and the file is only stored on the local and remote systems. 
@@ -22,23 +22,23 @@ It has been tested under Linux, both for the source and destination system; it w - A free port on it, accessible by "the world"; - SSH on the jump server must be configured to allow remote tunnels (see below); - `python` v3 on the source system; -- `curl` on the destination system. +- `curl` (or a browser) on the destination system. ## Usage -- You configure the script `filetunnel.sh` with some parameters; -- You run it with the file to transfer: +- First, configure the script `filetunnel.sh` with some parameters; +- Run it with the file to transfer: ```bash ./fileserver.sh myFile.binary ``` -- It will output a `curl` command to use on the destination system to download the file. - -Behind the scenes, the script opens a web server using python, on a random local port, with a random URL; then reverse tunnels it on the jump server, making it available remotely. - -The `curl` command, when executed on the destination system, will connect to the port and download the file, assigning the correct filename to it. +- It will output a `curl` command to use on the destination system to download the file; + - You can also use a browser, dealing with the self-signed certificate warning. ## Setup +You need to ensure that the jump server is set up correctly, then configure the script. +After this, you can simply use it forever and ever ;-). + ### The jump server This is a "normal" server such as a VPS, that you can access via SSH from the source system. @@ -47,7 +47,7 @@ A port must be mapped/accessible from "outside", at least from the destination s On ssh, (reverse) tunneling must be enabled. Ensure that you have this setting in `/etc/ssh/sshd_config`: -``` +```python AllowTcpForwarding yes ``` 
@@ -59,9 +59,9 @@ GatewayPorts clientspecified # or 'yes' **WARNING!** This setting allows the forwarded port (*any* forwarded port, even for other uses) to be globally accessible. Consider the security implications of this. -### The source system +### Script (for the source system) -Download `filetunnel.sh` from the release page. +Download `filetunnel.sh` from the [release page](https://github.com/proofrock/filetunnel/releases). Open it, and configure the variables in the first section. You'll need: @@ -86,6 +86,10 @@ Then configure `fileserver.sh` to use HTTPS, by setting the relevant variables: ## How it works +Behind the scenes, the script creates a web server using python, on a free local port assigned by the OS, with a random URL; then reverse tunnels it on the jump server, making it available remotely. + +The `curl` command/browser, when executed on the destination system, will connect to the port and download the file, assigning the correct filename to it. + ```mermaid sequenceDiagram participant S as Source
[local system]
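Review bot: In the Usage hunk (@@ -22,23 +22,23 @@), the rewritten first step says to configure `filetunnel.sh`, but the command shown directly after it still runs `./fileserver.sh myFile.binary`, so a reader following the steps configures one file name and runs another. Pick one name and use it in both places; the context line "Then configure `fileserver.sh` to use HTTPS" further down has the same mismatch. The added browser sub-bullet, "dealing with the self-signed certificate warning", also reads as advice to click through the warning. It would help to say how the user can confirm that the certificate is the one they generated, for example by comparing its fingerprint, before accepting it.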
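Review bot: In the jump server hunk (@@ -47,7 +47,7 @@), the fence around `AllowTcpForwarding yes` gains the language tag `python`, but the content is an `sshd_config` directive, not Python. A highlighter will colour it misleadingly and a reader may take it for script code; leave the fence untagged as before, or use a plain-text or config tag.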
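Review bot: In the "How it works" hunk (@@ -86,6 +86,10 @@), the relocated paragraph says the file is served "with a random URL" through a port that the requirements list as accessible by "the world", so as far as this README describes, that URL is what gates the download, yet nothing states how the random part is generated or how long the server stays up. Consider adding a sentence on both, for instance whether the server exits after the first download. Minor wording point in the second added line: "The `curl` command/browser, when executed" reads oddly for a browser; "when run or opened" would cover both.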