[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Remote administration of a machine behind NAT

On Tue, Sep 09, 2008 at 12:48:21AM +0300, Andrei Popescu wrote:
> Hi,
> Recently my mother (running Lenny) switched ISPs and is now behind a 
> NAT, which makes direct ssh access impossible. A reverse ssh tunnel can 
> solve this, but having her type a passphrase every time is hmm...  
> unrealistic.
> If I create a key without passphrase it would make my own system 
> vulnerable. Of course, I can put some restrictions on the key via the 
> authorized_keys file, but is that enough?
> Or do you have any other ideas?

openvpn + iptables.

Use openvpn with cert's to create a tunnel and then use iptables on your
end to block any traffic, until you want to use it.

> Regards,
> Andrei
> -- 
> If you can't explain it simply, you don't understand it well enough.
> (Albert Einstein)

I'll learn to play the Saxophone,
I play just what I feel.
Drink Scotch whisky all night long,
And die behind the wheel.
They got a name for the winners in the world,
I want a name when I lose.
They call Alabama the Crimson Tide,
Call me Deacon Blues.
		-- Becker and Fagan, "Deacon Blues"

Attachment: signature.asc
Description: Digital signature

Reply to: