On Wed,10.Sep.08, 17:15:41, Chris Davies wrote:
> Andrei Popescu <[EMAIL PROTECTED]> wrote:
> > Maybe I'm dense, but I still don't see the benefits compared to a ssh
> > tunnel.
>
> You have already pointed out that you can't use an ssh tunnel.
>
> Your mother's PC is behind at least one layer of NAT, so any connection
> must be instantiated from there. Start OpenVPN from your mother's PC
> and that will give you a *bi*directional tunnel between her PC and your
> server. You can use that bi-directional tunnel at your convenience to
> start a ssh session (vnc viewer, whatever) from your end /to/ her PC.
> (The OpenVPN connection makes the NAT difficulties irrelevant.)
>
> I'm struggling to see how to explain it more simply, sorry.

Sorry, but I think you are missing my problem. I know how to build a
*reverse* ssh tunnel (actually I already have it in place), where the
connection is initiated by my mother (she has to connect the laptop to
the internet anyway, one more click on a button calling a script is not
a problem).

But how can I prevent a possible attacker from abusing this setup to
access my laptop? Right now that key

- goes to a dedicated user-account (which belongs to no group other
  than its own)
- the key is restricted via .ssh/authorized_keys as much as possible
  (see the answer to myself)

Do you see any exploitable weakness in this approach?

Also, as I understand OpenVPN would only replace ssh with a different
(but somewhat equivalent) technology. I don't see any added benefits
compared to ssh. If I'm missing something please explain because I fail
to see the difference.

Regards,
Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
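The authorized_keys restriction asked about in the message above can be checked mechanically; the following is an added example, not part of the original thread, that parses the options field of one entry and lists what a tunnel-only key is still allowed to do. The sample entries, the account and port values, and the `parse_options`/`audit` names are constructed for illustration, and `restrict` and `permitlisten` are options from later OpenSSH releases than this 2008 thread.

```python
# Added example, not from the thread; entries are constructed, AAAA_PLACEHOLDER is no real key.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def parse_options(line):
    """Return {option: value or True} from the options field of one entry."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}                        # entry begins with the key type: no options
    opts, buf, quoted, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            buf += '"'                   # escaped quote inside a quoted value
            i += 1
        elif ch == '"':
            quoted = not quoted
        elif not quoted and ch in ", \t":
            name, _, value = buf.partition("=")
            opts[name.lower()] = value or True   # option names are case-insensitive
            buf = ""
            if ch != ",":
                break                    # unquoted whitespace ends the options field
        else:
            buf += ch
        i += 1
    return opts

def audit(line):
    """List what the entry still permits beyond carrying a tunnel."""
    o = parse_options(line)
    restrict = "restrict" in o
    findings = [] if "command" in o else ["no forced command"]
    for enable, disable, msg in (
            ("pty", "no-pty", "PTY allocation allowed"),
            ("agent-forwarding", "no-agent-forwarding", "agent forwarding allowed"),
            ("x11-forwarding", "no-x11-forwarding", "X11 forwarding allowed")):
        if enable in o or not (restrict or disable in o):
            findings.append(msg)
    forwarding = "port-forwarding" in o or not (restrict or "no-port-forwarding" in o)
    if forwarding and "permitlisten" not in o:
        findings.append("-R may listen on any port")
    if forwarding and "permitopen" not in o:
        findings.append("-L may connect to any host:port")
    return findings

WEAK = "ssh-ed25519 AAAA_PLACEHOLDER mother@laptop"
PARTIAL = 'command="echo \\"tunnel only\\"",no-pty ssh-rsa AAAA_PLACEHOLDER mother@laptop'
HARDENED = ('restrict,port-forwarding,command="/bin/false",permitlisten="localhost:2222",'
            'permitopen="localhost:22" ssh-ed25519 AAAA_PLACEHOLDER mother@laptop')
```

Calling `audit()` on each line of the dedicated account's `authorized_keys` shows which restrictions are still missing; an empty list means the key can only hold the pinned forwards.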