Hello and thanks for this very nice program! I installed syncthing on a machine without a browser (and neither ssh). I would like to set up a few things on another computer on the same network, with the GUI (which I find more convenient). As I don’t want to change the config for this (exception), I use syncthing --gui-address=..., but it would be nice if I could set a (temporary) password too. --gui-password isn’t recognized (seems to be usable only for syncthing generate) and I wasn’t able to make work an embedded password. Is this (last) solution possible and I do it wrong? Or is there another way?
1 Like
That would be readable to any process on the machine and is considered a bad practice, so unlikely to happen.
I think you might be able to set it via env vars, check --help.
Thanks for your answer! I’m not an IT person, so I very much appreciate the warning. I can indeed run STGUIADDRESS=0.0.0.0:8384 syncthing, but I don’t see a password variable and I fail to make an embedded password work this way too[^1]. If someone can hint me with a safe format, I would appreciate. Otherwise, the onliest safe way is to temporarily change the config file, I guess?
[1] I tried:
-
STGUIADDRESS=<myusername>:<mypassword>@0.0.0.0:8384 syncthing(no username/password asked) -
STGUIADDRESS=https://<myusername>:<mypassword>@0.0.0.0:8384 syncthing(same) -
STGUIADDRESS=https://<myusername>:<mypassword>@<myip>:8384 syncthing(syncthing exit status 1) -
STGUIADDRESS=https://<myusername>:<mypassword>@10.0.0.2:8384 syncthing(same)
Why don’t you just set the password in the config?
There is no way to set the password at startup as far as I can see.
Well, for the same reason I used the --gui-address command. I prefer so as it’s temporary. I normally don’t use a password as I’m the only one to use my computer. But I have no important reason otherwise, so I will use the config as you suggest. Thanks for taking time and looking up.
I agree your best bet is to set it in the config using syncthing generate --gui-password ... then reset it (or simply unset the user name) after your “temporary” access.
Yep! It’s what I did 
Actually, as your message imply (just to make it very clear for anyone reading this), it’s necessary to also syncthing generate --gui-user=..., otherwise syncthing doesn’t take it into account (no password has to be entered and you get the “Danger!” message). The <user>... line can then be removed from config.xml when not needed anymore.
I have a security question: @nv2p
Why have you chosen to not use SSH? VS setting the gui-address to 0.0.0.0?
If you load ssh server on each syncthing server, you can secure tunnel your connection to any server.
Here is a generic ssh command to easablish a secure tunnel via ssh. And following is how I usually use it: ssh -L <local_port>:<remote_host>:<remote_port> @<remote_machine>
ssh -L 6999:127.0.0.1:8384 user@remote_machine
Then, you open your browser to http://127.0.0.1:6999
You should get a password prompt if you have a password enabled. Then, you will see the remote GUI in your local browser over an encrypted connection.
This will make sure that not EVERY machine can simply browse to the gui.
This works for Windows, Linux, and Mac ass ssh server is open source.
1 Like
Well the reason is actually very simple and has nothing to do with security: I don’t have/need an ssh server on this machine (I could of course just set it up for this). I have physical access to it and it’s on a local network. It’s just an old laptop I want to use (without “disruptions”) to work on my phd and others ideas/todos, which are text files synced with syncthing.
1 Like
Sounds reasonable. I did a lot of mucking around in this area when I first started using sync thing because I had no idea how to use SSH and figured that changing sync things server settings to 0.0.0.0 would be a better solution.
It kind of forced me to learn more about SSH than I ever thought. Now I have SSH server installed on each of my windows computers and each of my Linux computers in part to manage sync thing and also to create a proxy tunnel To route traffic through my VPN from other computers that don’t have the VPN software installed.
Now, ssh is second nature. I still have absolutely no idea how to create keys and authenticate without a user ID and password. I just know the very basics pretty much of SSH server and client and that’s all you really need to know. The syntax made sense after I failed to make it work for the 10,000th time.
If it turns out that what you’re trying doesn’t work as well as you thought it would I would be more than happy to assist you in whatever configuration you need to get a basic SSH client and server running between your computers.
It’s become sort of a hobby. If you own your own router at home you can add port forwarding for SSH so if you are not at home and some place in public you can SSH tunnel into your computers from anywhere in the world. Of course programs like team viewer and any desk can assist in that area also.
Hope everything works out for you. Syncthing is a great product once you get the hang of it.
Thanks for your nice offer of help. For now, all good. I actually prefer to open as less as possible (even in a secure way like ssh, which I have tried very basically). For that, syncthing is perfect, as I can simply use my phone kind of “as a file server” (it’s always on by day and sync with computers I use).
1 Like
I use Syncthing to keep files on Android, Windows, and Linux all in sync, and it’s great For those that have multiple platforms. I don’t have Mac OS yet but I’m trying to get a used machine so I can throw the software on there too.
The people who miss out the most are those who have iphones because they don’t have a traditional file system that this software can use so there’s basically no way to bring the iphone into the environment.
If only I were smart enough to invent a file system overlay for the iphone I could retire.
Have fun!
Hello! Do you have access to the API? I guess, same as android, you can use it as password. Grettings
Hello! I never used the API, but I looked quickly and as it need to be set, it’s easier for me to just set a user and password in the config file. Anyway, thanks for the input! Cheers.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.