Admittedly, I don’t do a lot of shuffling files around from this device to that, however, if I do, I mostly rely on sFTP or SSH.
Comment on What are your self–hosted alternatives for inter device communication?
darklamer@feddit.org 2 days ago
I always have SSH everywhere on everything and I could never understand why anyone ever would want to make it more complicated than that.
irmadlad@lemmy.world 2 days ago
hirihit640@sh.itjust.works 2 days ago
Most people probably don’t care but it can be a security risk, allowing malware to move “laterally” between all your devices. For my main devices I don’t give them SSH access to each other, but I do give them SSH access to my secondary devices (like a Pi-Hole)
darklamer@feddit.org 2 days ago
Unless you do something incredibly stupid, such as allowing keyless login or sharing keys (or having unencrypted keys or keys without a passphrase, seriously), I find it hard to see how that would actually happen in practice.
hirihit640@sh.itjust.works 1 day ago
Even if you have a password for your ssh key, malware on your system can just wait until you enter the password.
My point is that SSH access is very powerful, and effectively means that the security of the SSH server is reduced to the security of the SSH client. If your SSH client is pwned, so is your server. If you have 10 devices each with ssh access to each other, then if any one device is pwned, all devices are pwned as well.
This is not the case for systems designed for file sharing only. For example with syncthing, if one device gets pwned, all it can do is send files to the other devices.
darklamer@feddit.org 1 day ago
Sure, it’s just that from my point-of-view I’d be toast anyway if anyone managed to gain that level of access.