Re: Remote administration of a machine behind NAT - VM for support
Am Montag, 8. September 2008 23:48:21 schrieb Andrei Popescu:
> Hi,
>
> Recently my mother (running Lenny) switched ISPs and is now behind a
> NAT, which makes direct ssh access impossible. A reverse ssh tunnel can
> solve this, but having her type a passphrase every time is hmm...
> unrealistic.
>
> If I create a key without passphrase it would make my own system
> vulnerable. Of course, I can put some restrictions on the key via the
> authorized_keys file, but is that enough?
>
> Or do you have any other ideas?
>
> Regards,
> Andrei
I use a virtual machine for support and have my router forward ssh there.
Something simple with fluxbox or even no X at all, should fit a 32MB VM and
come up within a blink of an eye. For extra paranoia you can revert to a
clean snapshot after finishing the session.
So if the VM isn't up Joe Random Hacker can scan port 22 all day.
Dex
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d--(+)@ s-:+ a C++++ UL++ P+>++ L+++>++++ E-- W++ N o? K-
w--(---) !O M+ V- PS+ PE Y++ PGP t++(---)@ 5 X+(++) R+(++) tv--(+)@
b++(+++) DI+++ D- G++ e* h>++ r* y?
------END GEEK CODE BLOCK------
http://www.vorratsdatenspeicherung.de
Reply to: