I have a question about the security of plex media server.
Which protocol is used when you share your library with your iOs devices ? and inside plex ?
I mean that when i'm away from home for a while, I just use plex on my laptop or iOs and the content is streamed, that's great, I also share my library with family and some friends, but technically this is on the border of the law (at least in france) so are the data sent from plex crypted at some points (ssl or something) ? is there anything to activate this ? is there any risk to get caught by government ?
thanks
pv
EDIT : if you want easy step by step using SSH just read this [thread](http://forums.plexapp.com/index.php/topic/16166-bonjour-zeroconf-details/), if you don't like terminal, go to page 2 and many thanks to Anton and sander1
whenever I watch on my laptop while traveling, I forward the traffic through ssh, which is an encrypted connection. This can also be done on a jailbroken ipad/iphone.
Don’t know what the stock version of plex does in the way of encryption, though I am pretty certain it’s all in clear text.
I've been looking for a while on an easy ssh setup, for my friends and family that are so affraid of the terminal. have you find any ? do you know an easy software or script that can do that ? and also that can easy tunnel afp over ssh without terminal command lines ?
disclaimer I am a developer, so I am not afraid of using the command line, so I haven’t tried any of the options mentioned below.
I see two ways you can help your friends and family remotely connect to your PMS:
[list=1][]Set up a vpn that they can connect to (you can probably use something like OpenVPN). This will allow them to “join” your local home network.[]Have them use an ssh tunnel for the desired protocols (AFP, SMB, plex pms, etc). To avoid having to use the command line, an ssh gui manager like meerkat might be useful.[/list]Hope that helps
that would be great if transmissions from plex media server to any other plex devices were crypted natively, that will maybe come in the future…
about SSH, I understand theorically how it works, and i understand how to create a tunnel within the terminal to access an other computer, but still, as I have nothing to do with developing software (movie editor), but still passionate and learning from google,(the best explanation seems to come from this site for those intrested) can I ask you a few questions on how to do it properly ?
on the router, the only port that should be open and redirected to the computer is the SSH port or should i also open and route the AFP, PLEX, etc…
once the tunnel is created, how do i know all the communications are going through the tunnel and not outside of it ? (if the answer to the first question is only ssh port, this question is probably useless)
is there an automatic way to open a tunnel between 2 computers on their start up (shell script?) something looking like this script might do the job if modified a little but still, ancient greek is more clear for me than shell…
Sure, I'll do my best to answer. That said, I am by no means an expert either.
Yes, only the ssh port (which is by default port 22). That said, many decide to use a different, "random" port number (like 35076 or something like that) for ssh traffic as it is a common port and many hackers will attempt to penetrate a network using it. It just adds an additional layer of difficulty in hacking into your network.
Yea, not easy to tell. I am sure there is a way to have the ssh process output some sort of log, but since only the ssh port is forwarded, it should be safe to assume that if things are working, then it is going via the ssh port. One way of testing would be to close down the tunnel and see if the remote access is still working. If it is, then that would be an indication that the traffic is not going via the tunnel.
I think meerkat has this ability. Otherwise you could perhaps create a launchd script (similar to the unix cron script) that would create the tunnel upon login. A good GUI tool for creating these launchd scripts is the mac osx app "lingon" (not sure if it is still updated, but current version still works fine for me).
I took a look at the script, tunnelopen. I have never used it, and it seems to have lots of nice features. I am not certain if you really need all of them, I just use:
to remotely access my plex library (credit to someone on the forums for the command, cannot remember who).
If you do decide to go the ssh tunnel way, you probably want to look into password-less logins (using public and privat keys). Google will help you out if that sounds latin to you.
Hope that helps.
