On Tue, Sep 09, 2008 at 12:48:21AM +0300, Andrei Popescu wrote: > Hi, > > Recently my mother (running Lenny) switched ISPs and is now behind a > NAT, which makes direct ssh access impossible. A reverse ssh tunnel can > solve this, but having her type a passphrase every time is hmm... > unrealistic. > > If I create a key without passphrase it would make my own system > vulnerable. Of course, I can put some restrictions on the key via the > authorized_keys file, but is that enough? > > Or do you have any other ideas?
openvpn + iptables.
Use openvpn with cert's to create a tunnel and then use iptables on your
end to block any traffic, until you want to use it.
>
> Regards,
> Andrei
> --
> If you can't explain it simply, you don't understand it well enough.
> (Albert Einstein)
--
I'll learn to play the Saxophone,
I play just what I feel.
Drink Scotch whisky all night long,
And die behind the wheel.
They got a name for the winners in the world,
I want a name when I lose.
They call Alabama the Crimson Tide,
Call me Deacon Blues.
-- Becker and Fagan, "Deacon Blues"
signature.asc
Description: Digital signature
