Security through obscurity can add an additional layer of protection to web services. Use a Non-Standard Port for Syncthing Data Connections If running Linux or another operating system, I recommend taking comparable steps to ensure Synthing is not running as the root user. I also verified that the new user could not log into the server remotely via Remote Desktop. The file folder locations that contain synced files.It should only require read/write access to: When creating the non-admin user, give it as little access as possible.
Windows service users can be set on the “Log On” tab of the Services console On Windows, the service user can be configured either during Syncthing service install, or afterwards via the Services panel. It’s recommended to run the Syncthing service as a non-admin user so that if the service is compromised, the attacker will gain limited access to the host server. Run Syncthing Service as a Non-Admin User Security TipsĪs with hosting any Internet-exposed service, precautions must be taken to prevent attackers from gaining access. In the pop-up, scroll into the “Options” section and uncheck the box label “Relays Enabled”. To disable the Relay Service, open the Actions menu in the top right of the GUI and select “Advanced”. This is an optional service, and not necessary if your Syncthing instance is directly accessible from the Internet. Relay servers are maintained by the Syncthing community. Syncthing employs relays to sync between devices that cannot make a direct connections to each other (e.g. This had to be done for each Remove Device, on each device (6 times total in my case)! Relay Service When editing the device, on the “Advanced” tab, set this information in the “Address” field in a format like: tcp://96.15.27.131:22000.
Remote Device configuration inside the Syncthing web UI In the pop-up, I scrolled into the “Options” section until I saw a checkbox for “Global Announce Enabled”, and unchecked that box.Īt this point, I had to edit each of my devices and define specify the IP address and port where each could be found. To disable the service, I opened the Actions menu in the top right of the GUI and selected “Advanced”. Since my IP addresses are static, I chose to disable the service for 2 devices, and leave it enabled for my mobile phone. Syncthing does a great job of making itself discoverable with the help of the Global Discovery service.
Disabling them requires a static-ish IP address and configuration of firewall pass-through / port-forwarding (or direct access to the Internet). Both services discussed below are optional and maintained by the Syncthing community. Out of box, Syncthing uses a few external services to improve connectivity between devices. Select which Remote Devices to share the new folder with in the Syncthing web UI Removing Dependencies on External Services
0 kommentar(er)
