ssh access

iaw4 · March 26, 2025, 5:34pm

so, I have all these wonderful QR codes and identification strings. alas, the device sits behind my firewall at home on a dynamics DNS. wouldn’t it be nice if there was a companion executable that would allow me to

syncssh user@QVUN3IT-4YIFFRE-JLLPPY-GWW731PN-SCYVIED-J223EB-LCBVOXL-R26IU03 user@domain’s password:

you probably already have the tunnel…

love syncthing. thanks to the developers. (just donated my share…ps: maybe put at the top of the forum the “donation link”, too.)

chaos · March 26, 2025, 7:03pm

Syncthing itself does not create anything that I would call a tunnel. For your specific use case, I’m using NordVPN’s Meshnet for connectivity and NoMachine for remote control — both are free. I’ve carefully configured and tested that the local machine firewall prevents NoMachine access without the Meshnet connection. This also allows me to avoid using relays entirely without permitting inbound Syncthing connections through my firewalls.

scottf007 · April 4, 2025, 12:59am

I along with one or two others have suggested exactly this in the past. The repsonse was that it is not a feature or direction they want to do - but perhaps someone could make this? I unfortunately do not have the skills. I use Zerotier which is free and can kind of do the same thing - but I would prefer syncthing.

chaos · April 4, 2025, 2:19am

There is nothing about Syncthing’s architecture that would lead towards this kind of feature. One could argue that Syncthing’s encryption would lead to that, but that’s TLS, a protocol that Syncthing uses, not a Syncthing-specific capability.

What you want would be a mesh VPN (multiple options here) or what I will probably erroneously call an “SSH relay”: a service that accepts outbound TCP/22 connections and proxies them to specific others for the sort of connectivity you seem to be looking for.

If you think I’m wrong for some reason, Syncthing is open source. If you aren’t a software developer — and I sure am not - find a way to fund someone to do it for you.

Arneko · April 7, 2025, 4:54am

I am having a hard time wrapping my head around the problem here. OP posted:

you probably already have the tunnel…

If you have the tunnel, then you can use port forwarding to get acces to the GUI on that machine using regular ssh. (e.g. “ssh user@remote -L 18384:localhost:8384” will get you the remote’s GUI on localhost:18384, IIRC)

Or are you just looking for a script that will accept/add a machine’s ID to a remote host+potentially auto-accept?

chaos · April 7, 2025, 11:54am

I read “you probably already have the tunnel” as a misunderstanding of how Syncthing works.