
thecounthahaha

macrumors regular
Original poster
Jul 17, 2010
I want to use my mac mini as an SFTP server (or similar) so that I can access it and the hard drives attached to it from my Mac from off site.

I bought the Mavericks version of OSX server as my mini is on mavericks, but I don't seem to be able to find the section for SFTP setup.

Have I mucked up and bought something that doesn't do what I want it to?!

Thanks for the help!
 
I bought the Mavericks version of OSX server as my mini is on mavericks
Why? On regular Mavericks you can enable SFTP by enabling Remote Login in the Sharing pane of System Preferences. The same applies to OS X Server.

Remember, there's no security inherent to the FTP protocol, and by default any data you send or receive from an FTP share point will be unencrypted. If you'd like to enable encrypted SFTP transfers instead, enable remote login using SSH from your server's settings as shown above. You can also do this from within System Preferences on the server. Go to Sharing and enable Remote Login, which will enable SFTP along with the SSH remote login service. Enabling SSH enables SFTP—there's no way to have one without the other, and there's no way to serve standard FTP with SSH enabled.

Info : http://arstechnica.com/apple/2013/12/a-power-users-guide-to-os-x-server-mavericks-edition/4/
 
Have I mucked up and bought something that doesn't do what I want it to?!

Yes. Just enable remote access as per the other post.
(If you have a home router you might have to set up the firewall on that to forward port 22 to your Mac).

Take-home lesson: The main use of OSX server is if you're running a small-office Mac/iOS workgroup. It's rarely worth it for basic internet stuff, which can usually be done on regular OSX with a quick google for the appropriate incantation.

"Enabling SSH enables SFTP—there's no way to have one without the other."

Not an issue for the original poster, but you ought to be able to tweak things like that by editing /etc/sshd_conf, e.g. put a hash in front of the line:
Code:
Subsystem    sftp    /usr/libexec/sftp-server
...to have SSH without SFTP.
 
Not an issue for the original poster, but you ought to be able to tweak things like that by editing /etc/sshd_conf, e.g. put a hash in front of the line:
Code:
Subsystem    sftp    /usr/libexec/sftp-server
...to have SSH without SFTP.

The quote was from the arstechnica article but thanks for the clarification. I learned something new.
 
Damn - serves me right for not researching properly. I'll see if there's a way to get a refund.

I'd only use sftp, but essentially what I am after is the ability to access files on my mini when travelling, but not necessarily from a Mac with the same Apple ID (so back to my Mac won't work).

Additionally, if it is an FTP I can use various ftp software for things like backing up files and folders on my travel Mac automatically to the ftp and thus to time machine.

Is it really that insecure this way, or should I be looking at something like a synology nas which has better security and blocking features? Or something else?
 
Damn - serves me right for not researching properly. I'll see if there's a way to get a refund.

I'd only use sftp, but essentially what I am after is the ability to access files on my mini when travelling, but not necessarily from a Mac with the same Apple ID (so back to my Mac won't work).

Additionally, if it is an FTP I can use various ftp software for things like backing up files and folders on my travel Mac automatically to the ftp and thus to time machine.

Is it really that insecure this way, or should I be looking at something like a synology nas which has better security and blocking features? Or something else?

One alternative is to use OS X Server to set up a VPN, as I have done. You can VPN into your home network whenever you're on the go, then can access your shares via SMB or AFP. Alternatively, you can set up your shares to be accessible via WebDAV, allowing you to access shares remotely with any Mac (provided the correct login credentials), from iOS devices (need to install a WebDAV client - I use Transmission for this but there are others), or from a PC (requires software - I've never tried this). VPN is the more secure option of the two, but WebDAV runs over HTTPS so it's not bad security-wise - someone more knowledgeable can feel free to speak up on this point though.
 
Additionally, if it is an FTP I can use various ftp software for things like backing up files and folders on my travel Mac automatically to the ftp and thus to time machine.

Is it really that insecure this way, or should I be looking at something like a synology nas which has better security and blocking features? Or something else?
The entire FTP protocol is completely insecure. Credentials are sent in the clear and no part of the transmission of data is encrypted. It really is not a protocol that has an appropriate usage anymore.
 
Would a VPN enable me to access my mini's external hard drives from my parents' Mac for example? Is there a way of automating a backup from an external drive connected to my parents' Mac to an external drive plugged into my Mac?

I know there is with ftp/sftp which was my original thought process.

This is all new to me (hence buying the wrong thing!) so it's all greatly appreciated.

Thanks guys!
 
Would a VPN enable me to access my mini's external hard drives from my parents' Mac for example? Is there a way of automating a backup from an external drive connected to my parents' Mac to an external drive plugged into my Mac?

Yes. You can configure that. However, I actually recommend that if you are looking for speedy and safe backup solutions that you invest in ChronoSync and ChronoAgent.
 
Additionally, if it is an FTP I can use various ftp software for things like backing up files and folders on my travel Mac automatically to the ftp and thus to time machine.

Just for clarity - FTP and sftp are completely different systems. FTP is obsolete and insecure, sftp - an add-on to ssh - is secure (given a strong password or using key-based login & up-to-date software).

Most of the decent FTP software also supports sftp (Cyberduck, FileZilla, Transmit, Flow etc.) - there really is no reason to use FTP.

VPN is the more sophisticated solution, but if you just want to copy files, sftp is easy to set up.

Just remember that whatever you do (FTP, SFTP, VPN) you may have to adjust the settings on your home router to redirect the appropriate ports to your Mac.
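
Added example, not part of any post in this thread: a small shell check for the two sshd settings discussed above, whether the "Subsystem sftp" line is active and whether password logins are allowed. The sample config is constructed, the function names are hypothetical, and "yes" as the fallback for PasswordAuthentication is the upstream OpenSSH default.

```shell
#!/bin/sh
# Added example: read two settings out of an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and global settings end at the first Match block.

# sftp_status FILE -> "enabled" if an uncommented "Subsystem sftp" line exists
sftp_status() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match"   { exit }   # per-user overrides start here
        tolower($1) == "subsystem" && $2 == "sftp" { found = 1; exit }
        END { print (found ? "enabled" : "disabled") }
    ' "$1"
}

# sshd_first FILE KEYWORD DEFAULT -> first global value of KEYWORD, else DEFAULT
sshd_first() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == tolower(key) { v = tolower($2); exit }
        END { print (v == "" ? def : v) }
    ' "$1"
}

# Constructed sample (not from the thread): SFTP line commented out as the
# post describes, password logins disabled globally in favour of keys.
write_sample() {
    cat > "$1" <<'EOF'
# Subsystem    sftp    /usr/libexec/sftp-server
PasswordAuthentication no
passwordauthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

cfg=$(mktemp)
write_sample "$cfg"
echo "sftp subsystem:  $(sftp_status "$cfg")"
echo "password logins: $(sshd_first "$cfg" PasswordAuthentication yes)"
rm -f "$cfg"
```

To check a real machine, pass the path of its sshd configuration file instead of the sample; the Match line in the sample shows why a global "no" does not by itself rule out password logins for every account.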
 
Riiight.. Ok - I had incorrectly been using FTP when I have always meant SFTP. Good to know that it is in fact secure as we use SFTP servers at work...!

I think VPN is a bit too sophisticated for what I want to do at the moment. My top few things to set up are backing up files from a/a few computer's external drives to my (remote) mini's external drives, plus *maybe* accessing those files when I'm out with a laptop, but that's not a huge deal. I don't need to access the software on the mini either.

ChronoSync and ChronoAgent look to be a good way of doing the backup to a remote computer. Is it more secure to do it that way rather than SFTP (as in no one trying to hack into my port 22 or something - sorry if I come across as a bit dim on this part) or even, is it simpler in that there is less setting up to do? Do they both handle quantity of data the same? I can't guarantee the changes will be small, so there might be a number of GBs needing to be uploaded.

I'm happy to pay the $60 for ChronoSync and ChronoAgent to get a decent robust system that works on its own that I don't have to manage that much, especially if it is a secure way of doing so.

Thanks again for the help guys, it's very appreciated!
 
ChronoSync and ChronoAgent look to be a good way of doing the backup to a remote computer. Is it more secure to do it that way rather than SFTP (as in no one trying to hack into my port 22 or something - sorry if I come across as a bit dim on this part) or even, is it simpler in that there is less setting up to do? Do they both handle quantity of data the same? I can't guarantee the changes will be small, so there might be a number of GBs needing to be uploaded.

I'm happy to pay the $60 for ChronoSync and ChronoAgent to get a decent robust system that works on its own that I don't have to manage that much, especially if it is a secure way of doing so.

ChronoAgent and ChronoSync flawlessly syncs hundreds of gigabytes at a time across the Internet for the company I work for. They have two locations with mirrored servers at both locations that need to be up to date with each other so it works great. ChronoAgent uses some sort of VPN protocol to connect, and it does a fantastic speedy job.

VPN under OS X Server is great if you need to get in using the Finder on the client Mac, but if you need a backup solution then ChronoSync and ChronoAgent are the way to go. I can even give you a hand configuring them if you decide that is the best option.
 
I've downloaded the trial versions of chronosync/agent and it seems great on the quick test over same network I did!

In terms of which bit of software should be on which computer - as I understand it the destination uses chronosync, the remote devices use chronoagent?

In my case, everything is going to be backed up to my mini, however is there a way of prompting backups to take place from the remote locations and/or even set up new backups etc from the remote locations or is it all done from the destinations? It's not a *huge* deal if so, but it'd be nice to quickly add a new folder or drive or whatever from location to make sure it's backed up rather than having to travel to set it up to press go.

Thanks!
 
In terms of which bit of software should be on which computer - as I understand it the destination uses chronosync, the remote devices use chronoagent?

In my case, everything is going to be backed up to my mini, however is there a way of prompting backups to take place from the remote locations and/or even set up new backups etc from the remote locations or is it all done from the destinations? It's not a *huge* deal if so, but it'd be nice to quickly add a new folder or drive or whatever from location to make sure it's backed up rather than having to travel to set it up to press go.

ChronoSync should be on the Mini, but ChronoAgent should be on the remote devices. Furthermore, it is a good idea to use a Dynamic DNS service like NoIP to overcome dynamic IPs changing.

Yes. You can create a remote access into the Mini to configure the backups/syncs. Most admins choose to sync the parent directory that way all files are included with the sync.
 
ChronoSync should be on the Mini, but ChronoAgent should be on the remote devices. Furthermore, it is a good idea to use a Dynamic DNS service like NoIP to overcome dynamic IPs changing.

Yes. You can create a remote access into the Mini to configure the backups/syncs. Most admins choose to sync the parent directory that way all files are included with the sync.

Righto, so I'll start basic and once I get the handle on that I'll start adding to the complexity!

I now have Chronosync on my mini, which has a 2tb drive plugged into it. This drive is the destination for my laptop clone.

I have installed Chronoagent on my laptop.

In chronosync I have chosen 'Bootable Left to Right' with left being my laptop, and right being the 2tb HDD.

This seems to work properly when I am in the same location.

I've created a (NoIP) dynamic DDNS account etc - which machine should have the Dynamic DNS app assigned to it for it to all work off site, and how do I prompt the backup to take place from my laptop?

Thanks very much!
 
I've created a (NoIP) dynamic DDNS account etc - which machine should have the Dynamic DNS app assigned to it for it to all work off site, and how do I prompt the backup to take place from my laptop?

If you still have OS X Server, the best route to take would be to enable a VPN server so that the laptop can connect and go from there.
 
Cool. I've just gone to my work to test out the no-Ip settings etc, and I'm getting an error with the connection - "Router is incompatible". It's a DrayTek Vigor 2860ac - I assume some ports haven't been opened?

I also assume some VPN settings might be needed in future too if I want to access my home mini via vpn?

Thanks
 
Cool. I've just gone to my work to test out the no-Ip settings etc, and I'm getting an error with the connection - "Router is incompatible". It's a DrayTek Vigor 2860ac - I assume some ports haven't been opened?

I also assume some VPN settings might be needed in future too if I want to access my home mini via vpn?

The DNS updater will not work on corporate networks, therefore you need the Mac at home to host VPN for the laptop to connect to through OS X Server.
 
Hmmm. I'm also having issues setting up my Dad's mac mini too.

He has a mac mini on an Airport extreme network, and my chronosync mini is also on an airport extreme network. The source mini is logged in and has a no-ip logged in and working but doing a back to my mac to the destination mini doesn't see it.

My previously working laptop also has a no-ip running, but also can't be seen.

Have I missed a step somewhere, as my laptop definitely works on my local network...

Thanks!
 
Hmmm. I'm also having issues setting up my Dad's mac mini too.

He has a mac mini on an Airport extreme network, and my chronosync mini is also on an airport extreme network. The source mini is logged in and has a no-ip logged in and working but doing a back to my mac to the destination mini doesn't see it.

My previously working laptop also has a no-ip running, but also can't be seen.

Have I missed a step somewhere, as my laptop definitely works on my local network...

Thanks!

Yes. On the main Mac hosting OS X Server and ChronoSync, you need to set it up to allow VPN. Then, you can connect to the server using VPN and run ChronoSync. I can give you a hand on setting that up using TeamViewer sometime this week if you need help.

Why does your dad's Mac Mini need ChronoSync at all?
 
Yes. On the main Mac hosting OS X Server and ChronoSync, you need to set it up to allow VPN. Then, you can connect to the server using VPN and run ChronoSync. I can give you a hand on setting that up using TeamViewer sometime this week if you need help.

Why does your dad's Mac Mini need ChronoSync at all?

I can access my host mini using back to my mac, so was able to log in remotely, share screen, and try and set up the sync, but Dad's mini was not appearing in the chronosync dropdown.

His mini is on a previous version of OSX (10.8 I think) so I might have installed the wrong version/set it up wrong. I'll check next time I'm over.

The reason for setting chronoagent up on his mini is mainly for creating an off site plex backup of his plex server (HDDs plugged into his mini) - I'm hoping that I can also set it up for a 2 way sync so that I can update it from home rather than having to wait every few weeks to update it when I'm with him. I'll also be able to make a copy of his mac in case there's ever an issue - off site backup and all that.

Thanks again for the help
 
The reason for setting chronoagent up on his mini is mainly for creating an off site plex backup of his plex server (HDDs plugged into his mini) - I'm hoping that I can also set it up for a 2 way sync so that I can update it from home rather than having to wait every few weeks to update it when I'm with him. I'll also be able to make a copy of his mac in case there's ever an issue - off site backup and all that.

Is his Mini on the same network as your Mini? If not then you need to only have ChronoAgent installed on his mini and you will need a NoIP account. ChronoSync should ONLY be on your host Mini.
 
Sorry for the delay replying on this.

It's working! Turns out after a combination of things not being right, the following is working well.

Chrono agent on my mini at home - running a noip address.
Chronosync on all other machines

As chrono agent is 1 install 1 licence, it saves me money on licences, plus agent is the side that needs to stay the same apparently. So when chrono sync looks for the agent to back up to it is always the same.

Only slight annoyance at the moment is laptops that are both on site and off site need 2 different sync profiles which both try to run when I turn on the computer (I want it to auto sync on startup).

I'm yet to sort my dad's computer out, but I assume that it will work now.

In terms of the sync settings, is there a downside to the bidirectional synchronise option for normal folders and not system files?

Thanks!
 