I've been using SFTP to access and modify the contents of a Raspbery Pi web server. I'll be moving it off my internet connection and onto someone else's, and I was wondering if there is still a way I can easily access the files similar to the SFTP connection I've been using. If worst comes to worst I plan on just using remote access in and downloading the files from Dropbox when I need to.
1 Answer
Well... Yes...
...If you have access to the NAT(router) settings, you can forward the ssh(sftp) port so it becomes externally available.
External IPs for private subscribers are usually DHCP/Dynamic though. Trying to connect after an IP change makes for an annoying experience.
You could set up dynamic DNS, and let the Pi auto-update it. That will let you connect to a simple hostname instead of trying to connect to ever-changing IP addreseses.
Security:
Do keep in mind that you should not expose such a port to the wide world if you use the default usernames with simple passwords.
Enabling only keyfile-authentication is a good idea. This disables all password entry for authentication. You should also make sure all remote logins are explicitly disabled for the root account.
In addition to this, there's a program named fail2ban which will limit login attempts and block connections from anyone repeatedly failing to authenticate.
I would also create a new user with sudo privileges and disable or remove the pi user since default accounts are what most attackers try first.