Re: Remote administration of a machine behind NAT



On Tue,09.Sep.08, 00:48:21, Andrei Popescu wrote:
> Hi,
> 
> Recently my mother (running Lenny) switched ISPs and is now behind a 
> NAT, which makes direct ssh access impossible. A reverse ssh tunnel can 
> solve this, but having her type a passphrase every time is hmm...  
> unrealistic.
> 
> If I create a key without passphrase it would make my own system 
> vulnerable. Of course, I can put some restrictions on the key via the 
> authorized_keys file, but is that enough?

I have created a key-pair for this and put the following in 
.ssh/authorized_keys (basically I denied everything and then enabled 
just enough to make it work for my needs):

command="/bin/true",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding,permitopen="localhost:1234"

Can anyone spot a possible attack vector? 

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
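
An added example, not part of the original message: a small Python check that parses an authorized_keys option prefix such as the one posted above and reports what a key carrying it may still request. It relies on documented OpenSSH behaviour: permitopen limits only the destinations of -L forwards, while -R listeners are limited by permitlisten or switched off by no-port-forwarding or restrict (permitlisten and restrict exist only in OpenSSH releases later than this 2008 thread). The function names are this example's own.

```python
import re

# One option: a bare flag, or name="value"; quoted values may contain commas.
_OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')

def parse_options(text):
    """Split an authorized_keys option prefix into {name: [values]}."""
    opts, pos = {}, 0
    while pos < len(text):
        m = _OPTION.match(text, pos)
        if m is None:
            raise ValueError(f"unparseable option at offset {pos}")
        # Option keywords are case-insensitive, so normalise to lower case.
        opts.setdefault(m.group(1).lower(), []).append(m.group(2))
        pos = m.end()
    return opts

def _allowed(opts, name):
    """A feature is on unless no-<name> or restrict is set; a bare <name>
    is treated as re-enabling it (conservative: option order is ignored)."""
    if name in opts:
        return True
    return not (f"no-{name}" in opts or "restrict" in opts)

def audit(text):
    """Report what a key carrying these options may still request."""
    opts = parse_options(text)
    forwarding = _allowed(opts, "port-forwarding")
    return {
        "forced_command": (opts.get("command") or [None])[0],
        "pty": _allowed(opts, "pty"),
        "agent_forwarding": _allowed(opts, "agent-forwarding"),
        "x11_forwarding": _allowed(opts, "x11-forwarding"),
        # permitopen only limits -L (direct-tcpip) destinations ...
        "local_forward": (opts.get("permitopen") or "any") if forwarding else "denied",
        # ... listeners requested with -R are limited by permitlisten only.
        "remote_forward": (opts.get("permitlisten") or "any") if forwarding else "denied",
    }

# The option string from the message above.
POSTED = ('command="/bin/true",no-agent-forwarding,no-pty,no-user-rc,'
          'no-X11-forwarding,permitopen="localhost:1234"')

if __name__ == "__main__":
    for capability, state in audit(POSTED).items():
        print(f"{capability:17} {state}")
```

For the posted options the report shows local forwards limited to localhost:1234 and remote forwards left at "any", which is the line to review when the key has no passphrase.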
