[mythtv-users] Is there interest for a couple very short HOWTO's?
mythtv at lds.dyndns.org
Fri Mar 26 11:33:02 EST 2004
----- Original Message -----
From: "Chris Strom" <mythtv at eeeCooks.com>
Sent: Friday, March 26, 2004 6:01 AM
> On Thu, Mar 25, 2004 at 08:34:59PM -0700, Nowhere wrote:
> > I am somewhat new to Linux and I just secured my Mythweb with a password
> > so that I can safely pass the port through my router and access it from
> > the internet. I know for the experience Linux users out there it's a no
> > brainer but I had to read up how to do it. Anyone want me to write up a
> > short HOWTO on this?
> Call me paranoid, but I don't regard this as "safe". The
> username/password are sent in clear text. Unless you're using something
> like /etc/hosts.allow or additional apache configuration, anyone can
> access the resource. I accomplish the same thing via SSH tunnel.
> The only port that I have opened is for SSH (and for that I only allow
> two IP addresses access, set both in the firewall and in
> /etc/hosts.allow). I use SSH port forwarding to access the various net
> resources, including mythweb on my apache server:
> remote-host $ ssh -L 10080:localhost:80 my-home-ip-address
> To access mythweb I then open the following URL in my browser:
> Port forwarding sends all request to port 10080 on remote-host (e.g. my
> work computer) to port 80 of my mythbox. It's all encrypted by the SSH
> connection and the security administration is easier (read more secure).
> If your SSH box and mythbox are different, then simply:
> # Note the change in the argument to the -L switch
> remote-host $ ssh -L 10080:mythbox:80 my-home-ip-address
Well he's probably using SSL (https on port 443) and not just straight http
on port 80. I know at least I am. I must admint though the SSH tunnel is
the most secure method but not the easiest when over at a friends house and
you want to show him or select something to record.
More information about the mythtv-users