On Thu, 02 Apr 2015 23:11:57 -0400 Eric Furman <ericfur...@fastmail.net> wrote: > Thanks for the info and I expected someone to suggest this, > but I didn't really want to go all crazy. :) > I wanted to know if there was a secure one so I wouldn't have > to jump through all these kind of hoops. > Thanks anyway. >
doing the whole thing may be extreme, but you needn't go that far. a good tradeoff between convenience and security here may be: a separate user, that you login to using 'ssh -X', and deny access via pf. that way they are unpriviledged, there is a filter between that user and X (ssh -X) and just in case, deny net access to prevent leaking or communicating and downloading more sophisticated code. shouldn't take more than a minute to set that up, and then just a single command line to use.
