Sync files between devices with Syncthing

Many tools and services are available for synchronizing data among various devices. Users who want to trust their data to the cloud can use services such as Google Drive, Dropbox, and Copy.com. An alternative here is BitTorrent Sync [1], which is a distributed peer-to-peer system based on the BitTorrent Sync protocol. This software, however, is not open source, just freeware. Thus, it is never clear what the program does. Syncthing, on the other hand, offers a secure alternative; it is open source and comes with a Mozilla Public license.

Syncthing uses the open source Block Exchange Protocol (BEP) [3] for synchronization. The data exchange among the individual nodes is typically TLS encrypted including Perfect Forward Secrecy (PFS). The nodes identify themselves to each other with cryptographic certificates, which Syncthing creates when it is installed on a platform. Encryption can be turned off for synchronization on a local network. This option speeds up the data throughput. In the basic setting, the program restricts encryption to metadata only. Written in the Go programming language, Syncthing has all of the required features for keeping your data secure.

Preparations

This relatively new software runs on Linux, Mac OS X, Windows, Solaris, various BSD versions, and also on the Raspberry Pi. A Sync app is available for Android, and the developers are working on a version for iOS. Listing 1 contains commands for adding the repository to Ubuntu and installing Syncthing. For testing, we also installed Syncthing on an openSUSE box to have something to sync with. For the curious, Syncthing is a default package in openSUSE Tumbleweed, and all you need to do is:

$ sudo add-apt-repository ppa:ytvwld/syncthing
$ sudo apt-get update && sudo apt-get install syncthing

# zypper install syncthing

Syncthing can synchronize data on the local network and on remote computers. Like BitTorrent Sync, the software is based on UPNP. This design feature helps make synchronization easy even outside of the local network. It may be necessary to enable UPNP on your router, but routers come with UPNP already enabled. If your router does not have this set of protocols available, then it is a good idea to manually install port forwarding.

You will need to forward port 22 000/TCP to the desired target host. If the computer is located behind a fire wall, then you should activate ports 22 000/TCP and 21 025/UDP.

First Steps

Once it's installed, you can start the software from the command line with

syncthing &

Figure 1 shows the output you should get. This also opens a web interface in your browser. You should make sure that the software has been installed and is started on all of the devices you want to synchronize. The software will create a key and certificate when it first starts on a device. This step can take several minutes, but it will guarantee secure exchanges.

Figure 1: The software automatically opens the web interface for configuration when started via the command line.

The settings for language are found in the bar that sits above on the interface. Next to this bar, you will find a fold-out menu, Actions , where you can configure additional settings (Figure 2). For example, you can choose to restrict synchronization to the local network, or you can indicate that devices should be accessible for synchronization via the Internet. If you decide to limit data synchronization to the LAN, then you should remove the checkmark next to the option Global device search (Figure 3). The same goes for a router that does not support UPNP. To be able to identify the devices, you can use the device names option to assign them unique names.

Figure 2: The Actions option sits near the language settings. This option contains tools for setting and controlling all of the important parameters for the software.

Figure 3: If you want to use Syncthing only in a local network, you should deactivate the Global Discovery option in settings.

The limit data rate option gives you the possibility of setting a maximum data throughput rate if this is necessary or desired. Modern hardware should make such a limit unnecessary. You may need users to provide a user name and secure password for access to the user interface. This is done by setting a checkmark at the entry Use HTTPS for GUI , which ensures a secure connection. When activated, the anonymous utilization report causes information to be sent anonymously to the project. This tool provides the developers with insights about user behavior, which they can then use in making modifications to the software. Additional information about this feature is available via the link following the option.

When you are done configuring, Syncthing will offer to restart. This step will take some time because a new certificate for HTTPS will also be generated. You will find further details on the entire configuration process including generation of keys in the ~/.config/syncthing/ directory.