[mythtv-users] Securing Mythweb?

Peter Bennett cats22 at comcast.net
Thu Sep 14 17:56:42 UTC 2017 


On 09/14/2017 10:19 AM, Jim Abernathy wrote:
> I notice that the header on the wiki about Securing Mythweb is tagged 
> as outdated.
>
> https://www.mythtv.org/wiki/Securing_MythWeb
>
> Are there some easy instructions for putting a strong password on my 
> mythtv system so I can setup programs to record while away from home?
>
> I can set my port forwarding in my DSL box so I can get to Mythweb 
> when away from home, but it goes straight to the mythweb page.  I need 
> to protect it.  When I’m gone from home all computers on the LAN are 
> turned off except for the mythtv box. So I just need to protect my 
> mythtv recordings and setup.  Once I get back home, I stop the port 
> forwarding.  I only do this once or twice a year and it’s only open 
> for a few weeks at a time.  So I don’t really want to install a VPN, 
> etc.  I figure I can have a really good password to protect mythweb at 
> least for the short period I’m gone.
>
> Ideas? I need to do this rather quickly, thus the avoidance of VPN
>
> Jim A
>
>
What I do is set up xrdp on my home system. This lets you login like 
"Remote desktop" on windows. you can login from windows machines remote 
desktop or from linux using Remmina. I open the remote desktop port and 
once logged in I can run a browser, run mythfrontend, etc. It gives more 
control over the system.

Note I use xubuntu with xfce window manager on the backend. Other window 
managers such as unity do not work with this (at least last time I tried).

Another option is to open a ssh port, then you can do port forwarding of 
the browser. This works:

ssh -p 10022 -L 10080:serenity:80 -C peter at xxx.xxx.xxx.xxx

assuming port 10022 is the external port that maps to the ssh port 22, 
serenity is the name of your backend, peter is your user id and 
xxx.xxx.xxx.xxx is your external ip address.

Then just use url http://localhost:10080/mythweb in the browser on the 
remote machine after connecting with ssh.

I think these methods are safer than putting an http password because to 
be secure over http you really need ssl and that is painful to set up. 
Remote desktop and ssh are already secure and require your Linux password.

Also it is recommended not to use the standard port numbers when 
exposing remote desktop, ssh or http.

Peter

More information about the mythtv-users mailing list