I am unsure if there is some security issue with this senario:
In my test environment I have a home box with proper backup ect. an 4 clients. My wife has a labtop and her Android phone, and I have the same.
On the server I have created 2 instances of syncthing started by systemd and running under our respective user account. Setup is close to the one described here.
I am not running my own discovery server and most thing seems to work.
But when I log in to my instance on the servers web-interface I get the message:
Device “elisabeth.vink-slott.dk”
(BLAXXXX-XXXXXXX-XXXXXXX-XXXXXXX-XXXXXXX-XXXXXXX-XXXXXXX-XXXXXXX at
192.168.6.125:59371) wants to connect. Add new device?
Which is my wifes labtop trying to connect to my syncthing instance. This message pops up even though she is currently connected to her own instance at the same server. She is not sure if she at some point have accepted a similar message on her labtop from my server “Yes, that is the server I am using, is’nt it??”
Well, my wife and I dont have much secret to each other, but does this indicate some kind of security problem? If I accept the above, will I gain access to my wifes shared directories?
Can one at all have more users connecting to one server?
You can accept the device without sharing anything with it.
Is there an introducer anywhere in the cluster?
The 2 instances on the server use different configuration directories don’t they? (I have not read the linked post) If not they will be seen as the same instance.
There’s nothing inherent to the two instances running on the same machine that should mix them together, so I’m guessing this is a config mistake somewhere along the way.
Yes both instances on the server is configured as introducer.
The 2 instances is running as the user in question. By doing so I can ensure that syncthing will only share files belonging to the user. Thus to two instances will not be able to access each others configuration files.
I found that the syncthing instance on my wife’s pc have my servers ip set in the Addresses field. Could that be the reason that I persistently get the connections attempts from on the wrong instance on the server?
I’m not really visualizing your setup successfully here… But each Syncthing instance will connect out to each of the configured device IDs and the addresses set on them…
Yes, if you put in the ip:port manually syncthing will try to connect to instances running on that address, even if the id of that instance is not known. At least in my experience, I have seen this behaviour a couple of times. This is not strictly a security flaw, but it is certainly a bit surprising.
This is a malconfiguration though. Your two instances should listen on different ports, these seem to be mixed up in one of your laptops address fields…
That sounds like a reasonable explanation, although port number was not specified. I have not not been able to lay my hand on the machine to verify by changing the configuration. But as soon as get it I’ll try to change it.