How to use the SSH and SFTP protocols on your home network

Use the SSH and SFTP protocols to access other devices, efficiently and securely transfer files, and more.
190 readers like this
190 readers like this
open network

Opensource.com

Years ago, I decided to set up an extra computer (I always have extra computers) so that I could access it from work to transfer files I might need. To do this, the basic first step is to have your ISP assign a fixed IP address.

The not-so-basic but much more important next step is to set up your accessible system safely. In this particular case, I was planning to access it only from work, so I could restrict access to that IP address. Even so, you want to use all possible security features. What is amazing—and scary—is that as soon as you set this up, people from all over the world will immediately attempt to access your system. You can discover this by checking the logs. I presume there are bots constantly searching for open doors wherever they can find them.

Not long after I set up my computer, I decided my access was more a toy than a need, so I turned it off and gave myself one less thing to worry about. Nonetheless, there is another use for SSH and SFTP inside your home network, and it is more or less already set up for you.

One requirement, of course, is that the other computer in your home must be turned on, although it doesn’t matter whether someone is logged on or not. You also need to know its IP address. There are two ways to find this out. One is to get access to the router, which you can do through a browser. Typically, its address is something like 192.168.1.254. With some searching, it should be easy enough to find out what is currently on and hooked up to the system by eth0 or WiFi. What can be challenging is recognizing the computer you’re interested in.

I find it easier to go to the computer in question, bring up a shell, and type:

ifconfig

This spits out a lot of information, but the bit you want is right after inet and might look something like 192.168.1.234. After you find that, go back to the client computer you want to access this host, and on the command line, type:

ssh gregp@192.168.1.234

For this to work, gregp must be a valid user on that system. You will then be asked for his password, and if you enter it correctly, you will be connected to that other computer in a shell environment. I confess that I don’t use SSH in this way very often. I have used it at times so I can run dnf to upgrade some other computer than the one I’m sitting at. Usually, I use SFTP:

sftp gregp@192.168.1.234

because I have a greater need for an easy method of transferring files from one computer to another. It’s certainly more convenient and less time-consuming than using a USB stick or an external drive.

Once you’re connected, the two basic commands for SFTP are get, to receive files from the host; and put, to send files to the host. I usually migrate to the directory on my client where I either want to save files I will get from the host or send to the host before I connect. When you connect, you will be in the top-level directory—in this example, home/gregp. Once connected, you can then use cd just as you would in your client, except now you’re changing your working directory on the host. You may need to use ls to make sure you know where you are.

If you need to change the working directory on your client, use the command lcd (as in local change directory). Similarly, use lls to show the working directory contents on your client system.

What if the host doesn’t have a directory with the name you would like? Use mkdir to make a new directory on it. Or you might copy a whole directory of files to the host with this:

put -r ThisDir/

which creates the directory and then copies all of its files and subdirectories to the host. These transfers are extremely fast, as fast as your hardware allows, and have none of the bottlenecks you might encounter on the internet. To see a list of commands you can use in an SFTP session, check:

man sftp

I have also been able to put SFTP to use on a Windows VM on my computer, yet another advantage of setting up a VM rather than a dual-boot system. This lets me move files to or from the Linux part of the system. So far I have only done this using a client in Windows.

You can also use SSH and SFTP to access any devices connected to your router by wire or WiFi. For a while, I used an app called SSHDroid, which runs SSH in a passive mode. In other words, you use your computer to access the Android device that is the host. Recently I found another app, Admin Hands, where the tablet or phone is the client and can be used for either SSH or SFTP operations. This app is great for backing up or sharing photos from your phone.

Tags
Greg is a retired neurologist in Louisville, Kentucky, with a long-standing interest in computers and programming, beginning with Fortran IV in the 1960s. When Linux and open source software came along, it kindled a commitment to learning more, and eventually contributing. He is a member of the Scribus Team.

7 Comments

"To do this, the basic first step is to have your ISP assign a fixed IP address."

Unfortunately, many ISP's will charge you extra for this.

An alternative is to use a free DNS service like now-dns.org; you can have your own domain and regularly (as often as you like - there are several tools) confirm your current IP address with them.

Was your work OK with you making SSH connections to off-network resources? Most places I've worked in the last 10 years or so only allow this to approved vendor IPs.

What I was doing was to use my Linux laptop to connect to the wifi at work, then connecting home from there.

In reply to by Scott Jacobson (not verified)

Thank you for article, im using WinSCP for get access to unix machine files, very useful tool for windows, can you advice some good alternative for linux system?

I have a Raspberry Pi on my home network, and one thing I use it for is backups. I have the sshd running on the Raspberry Pi, and a USB drive mounted on the Pi as /backup. Then I use GNOME's file manager to map a folder to the Pi's /backup over SSH.

Just click on the shortcut in the file manager, type my (Raspberry Pi) password, and it's available. That's pretty easy. And transparent. And secure.

I use the Pi's /backup to store a second copy of things I don't want to lose.

To facilitate using ssh and sftp on your home network, you could assign fixed IP addresses for every box in your home and put a list of it in every /etc/hosts. Just copy-paste the same list.

This way you can contact another machine by using its name instead of a number. Here I even have a hosts file on my ssh-supporting smartphone, which is nice for file transfer but also for remotely updating or shutting down the family HTPC ;-)

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.