@taikedz
Last active August 23, 2023 08:11
Using syncthing

Converted to an article: https://dev.to/taikedz/considering-syncthing-at-work-3pin

An interim solution for passing around large files using decentralised means

Syncthing uses end-to-end encryption to send files directly to other devices. If two devices are on the same network, the instances communicate directly with each other. If not, they send traffic, encrypted, via a relay server (akin to a router).

This solution can be useful for sending large files between workstations, when other means are unavailable.

Security considerations

Trustability of Solution

Syncthing claims to be secure and E2E encrypted. The solution is well-known and several years old; I presume it has attracted scrutiny from the security community and nothing has been flagged as troublesome/buggy that still exists from a security standpoint.

For most purposes, including corporate use, I would tend to be satisfied with the general status of this tool.

I would not use it in a highly sensitive environment without further scrutiny, and proper approval channels.

Trustability of Build

Using syncthing in sensitive environments may require a way to determine whether the build of the syncthing binary has been tampered with.

Installing from a well-known distro's default repositories usually provides a suitable level of assurance that it will abide by its security claims, and that the implementation is pristine (within the scope of the distro repo's practices).

Trustability of Relay

If two syncthing instances are on the same network, they will talk to each other directly, without a third party. If the two instances are on different networks, they will make use of a publicly hosted relay machine.

All content being E2E encrypted, this should not be an issue whatsoever for security. This does depend on the installed copy being pristine.

Installation

(On Windows, use WSL with any of: a recent Ubuntu LTS, a recent Fedora, an openSUSE LTS.)

(Do NOT use user repositories: private PPAs are to be regarded with caution; snap/flatpak sources and docker images are to be vetted as indeed coming from the original project maintainers; third-party repositories are to be evaluated; Arch AUR is to be rejected outright.)

sudo apt-get update && sudo apt-get install syncthing -y
# Run it in the background
syncthing > syncthing.log 2>syncthing-errors.log &
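
The repository caution above can be checked after installation. The following is an added example, not part of the original gist: it parses `apt-cache policy` output and flags an installed syncthing version that is not offered by an allowlisted archive host. The allowlist, the function names and the sample outputs (versions, PPA name) are constructed assumptions.

```shell
# Added example, not from the gist. Usage: apt-cache policy syncthing | installed_origin_ok
# ALLOWED_HOSTS is an assumption: list the archive hosts your distro really uses.
ALLOWED_HOSTS="archive.ubuntu.com security.ubuntu.com deb.debian.org security.debian.org"

# Prints a verdict per source; returns 0 only if the installed version has at
# least one archive source and all of them are on the allowlist.
installed_origin_ok() {
    awk -v allowed="$ALLOWED_HOSTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^ \*\*\* /    { inst = 1; next }   # entry for the installed version
        /^     [^ ]/   { inst = 0; next }   # entry for any other version
        inst && /^        [0-9-]/ {
            src = $2
            if (src == "/var/lib/dpkg/status") next   # local dpkg db, no origin
            host = src; sub("^[a-z]+://", "", host); sub("[/:].*$", "", host)
            seen++
            if (host in ok) { print "ok        " src }
            else { print "UNTRUSTED " src; bad++ }
        }
        END { if (seen > 0 && bad == 0) exit 0; exit 1 }
    '
}

# Constructed sample: installed version offered by the default Ubuntu archive.
sample_distro() { cat <<'EOF'
syncthing:
  Installed: 1.18.0~ds1-3ubuntu0.2
  Candidate: 1.18.0~ds1-3ubuntu0.2
  Version table:
 *** 1.18.0~ds1-3ubuntu0.2 500
        500 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages
        100 /var/lib/dpkg/status
     1.18.0~ds1-3 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
EOF
}
# Constructed sample: installed version comes from a hypothetical user PPA.
sample_ppa() { cat <<'EOF'
syncthing:
  Installed: 1.27.0-1
  Candidate: 1.27.0-1
  Version table:
 *** 1.27.0-1 500
        500 https://ppa.launchpadcontent.net/example-user/example/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
     1.18.0~ds1-3 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
EOF
}
```

A version whose only source is `/var/lib/dpkg/status` (a manually installed .deb) also fails the check, since no archive vouches for it.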

Syncthing will open a browser at http://localhost:8384

Add the following device by going to the bottom right section and clicking "add device"

Device (example): A24RVJV-RCBOM6L-6PRUIEX-YRDRD6C-LWFFS7C-3Q2XN8G-IC5ZFWG-R2WBCQ2

You can get the ID of your device by going to the top right menu: Actions : Show ID

The operator of a device can choose to share a specific folder with any other device it has recognised and registered; doing so sends a share request to that device. The device receiving the share request must confirm the share.

With this share established, the workstation operators can use the defined sync folder to synchronise the data.
