Sync point-to-point through ssh tunnel


(Ken Marsh) #1

Great software - thanks so much!

I have a suggestion for the documentation: an example of how to sync in a highly secure environment through an ssh tunnel - e.g. the firewall doesn’t allow anything in or out except specific ports, and ssh is one of them. The given documentation had me setting up a relay for lack of understanding of how it works. Upon inspection with netstat and observing logs, I figured it out. Here’s how it looks:

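#!/bin/bash
# -L: local 127.0.0.1:22001 -> syncthing on the remote machine (port 22000)
# -R: remote 127.0.0.1:22001 -> syncthing on this machine (port 22000)
ssh -i ~/.crypt/mykey.pem \
  -L 127.0.0.1:22001:127.0.0.1:22000 \
  -R 127.0.0.1:22001:127.0.0.1:22000 \
  user@10.23.45.6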

Both machines have syncthing listening on 22000. This makes a tunnel so ssh listens on 22001 on each end and redirects to 22000 on the other. Be sure to allow port forwarding in ssh config! It doesn’t matter which side you run ssh on, but don’t run it on both!

Then in syncthing you configure both ends like this:

  • Remote Devices | Edit | Advanced | Addresses - change from “dynamic” to “tcp://127.0.0.1:22001”
  • In Actions | Settings | Connections - no need for NAT traversal, discovery, or relays, although if they are configured it probably won’t stop it working.

If limiting bandwidth, be sure to go into Actions | Advanced and check the box “Limit Bandwidth In Lan”. Otherwise no limit is enforced.
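
An added example, not part of the original post: a shell check over `ss -ltn` / `netstat -ltn` and `sshd -T` output that confirms the forwarded port 22001 is bound to loopback only and that sshd permits both forward directions the tunnel uses. The function names and sample data are constructed for illustration; the port numbers are the post's.

```shell
#!/bin/bash
# Added example, not from the original post. Port numbers are the post's;
# function names and sample data below are constructed for illustration.

# stdin: `ss -ltn` or `netstat -ltn` output (local address is field 4 in both).
# Succeeds only if PORT has a listener and every listener is on loopback.
loopback_only() {
  awk -v port="$1" '
    { n = split($4, part, ":")
      if (n < 2 || part[n] != port) next
      addr = substr($4, 1, length($4) - length(port) - 1)
      found = 1
      if (addr !~ /^127\./ && addr != "::1" && addr != "[::1]") exposed = 1 }
    END { if (found && !exposed) exit 0; exit 1 }'
}

# stdin: `sshd -T` output. The post uses both -L and -R, so forwarding must be
# fully enabled; "gatewayports yes" would force the -R listener onto all
# interfaces despite the 127.0.0.1 bind address.
sshd_allows_tunnel() {
  awk '
    $1 == "allowtcpforwarding" && ($2 == "yes" || $2 == "all") { fwd = 1 }
    $1 == "gatewayports" && $2 == "yes" { wide = 1 }
    END { if (fwd && !wide) exit 0; exit 1 }'
}

# Constructed samples: a healthy tunnel end, and one exposed to the network.
SS_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:22001    0.0.0.0:*
LISTEN 0      4096   *:22000            *:*'
SS_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22001      0.0.0.0:*'
SSHD_GOOD='allowtcpforwarding yes
gatewayports no'

if printf '%s\n' "$SS_GOOD" | loopback_only 22001; then
  echo "22001: loopback only"
fi
if ! printf '%s\n' "$SS_EXPOSED" | loopback_only 22001; then
  echo "22001: reachable from other hosts"
fi
# Live use:  ss -ltn | loopback_only 22001 ; sudo sshd -T | sshd_allows_tunnel
```

Run the listener check on both machines, since each end of the tunnel opens its own 22001 listener.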


(Audrius Butkevicius) #2

The documentation is in the docs git repo where anyone can suggest changes, so feel free to make your changes there and open a PR.