Am Montag, 8. September 2008 23:48:21 schrieb Andrei Popescu: > Hi, > > Recently my mother (running Lenny) switched ISPs and is now behind a > NAT, which makes direct ssh access impossible. A reverse ssh tunnel can > solve this, but having her type a passphrase every time is hmm... > unrealistic. > > If I create a key without passphrase it would make my own system > vulnerable. Of course, I can put some restrictions on the key via the > authorized_keys file, but is that enough? > > Or do you have any other ideas? > > Regards, > Andrei
I use a virtual machine for support and have my router forward ssh there. Something simple with fluxbox or even no X at all, should fit a 32MB VM and come up within a blink of an eye. For extra paranoia you can revert to a clean snapshot after finishing the session. So if the VM isn't up Joe Random Hacker can scan port 22 all day. Dex -- -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d--(+)@ s-:+ a C++++ UL++ P+>++ L+++>++++ E-- W++ N o? K- w--(---) !O M+ V- PS+ PE Y++ PGP t++(---)@ 5 X+(++) R+(++) tv--(+)@ b++(+++) DI+++ D- G++ e* h>++ r* y? ------END GEEK CODE BLOCK------ http://www.vorratsdatenspeicherung.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
