On Tue, Sep 09, 2008 at 12:48:21AM +0300, Andrei Popescu wrote: > Hi, > > Recently my mother (running Lenny) switched ISPs and is now behind a > NAT, which makes direct ssh access impossible. A reverse ssh tunnel can > solve this, but having her type a passphrase every time is hmm... > unrealistic. > > If I create a key without passphrase it would make my own system > vulnerable. Of course, I can put some restrictions on the key via the > authorized_keys file, but is that enough? > > Or do you have any other ideas? openvpn + iptables. Use openvpn with cert's to create a tunnel and then use iptables on your end to block any traffic, until you want to use it. > > Regards, > Andrei > -- > If you can't explain it simply, you don't understand it well enough. > (Albert Einstein) -- I'll learn to play the Saxophone, I play just what I feel. Drink Scotch whisky all night long, And die behind the wheel. They got a name for the winners in the world, I want a name when I lose. They call Alabama the Crimson Tide, Call me Deacon Blues. -- Becker and Fagan, "Deacon Blues"
Attachment:
signature.asc
Description: Digital signature