[mythtv-users] Securing Mythweb?
Jim Abernathy
jfabernathy at outlook.com
Thu Sep 14 22:07:05 UTC 2017
On 09/14/2017 01:56 PM, Peter Bennett wrote:
>
>
> On 09/14/2017 10:19 AM, Jim Abernathy wrote:
>> I notice that the header on the wiki about Securing Mythweb is tagged
>> as outdated.
>>
>> https://www.mythtv.org/wiki/Securing_MythWeb
>>
>> Are there some easy instructions for putting a strong password on my
>> mythtv system so I can setup programs to record while away from home?
>>
>> I can set my port forwarding in my DSL box so I can get to Mythweb
>> when away from home, but it goes straight to the mythweb page. I
>> need to protect it. When I’m gone from home all computers on the LAN
>> are turned off except for the mythtv box. So I just need to protect
>> my mythtv recordings and setup. Once I get back home, I stop the
>> port forwarding. I only do this once or twice a year and it’s only
>> open for a few weeks at a time. So I don’t really want to install a
>> VPN, etc. I figure I can have a really good password to protect
>> mythweb at least for the short period I’m gone.
>>
>> Ideas? I need to do this rather quickly, thus the avoidance of VPN
>>
>> Jim A
>>
>>
> What I do is set up xrdp on my home system. This lets you login like
> "Remote desktop" on windows. you can login from windows machines
> remote desktop or from linux using Remmina. I open the remote desktop
> port and once logged in I can run a browser, run mythfrontend, etc. It
> gives more control over the system.
>
> Note I use xubuntu with xfce window manager on the backend. Other
> window managers such as unity do not work with this (at least last
> time I tried).
>
> Another option is to open a ssh port, then you can do port forwarding
> of the browser. This works:
>
> ssh -p 10022 -L 10080:serenity:80 -C peter at xxx.xxx.xxx.xxx
>
> assuming port 10022 is the external port that maps to the ssh port 22,
> serenity is the name of your backend, peter is your user id and
> xxx.xxx.xxx.xxx is your external ip address.
>
> Then just use url http://localhost:10080/mythweb in the browser on the
> remote machine after connecting with ssh.
>
> I think these methods are safer than putting an http password because
> to be secure over http you really need ssl and that is painful to set
> up. Remote desktop and ssh are already secure and require your Linux
> password.
>
> Also it is recommended not to use the standard port numbers when
> exposing remote desktop, ssh or http.
>
> Peter
I'll play with this, but I may have to set ssh permissions or turn on
features. I have the default ssh. I also am running mythbuntu 16.04,
so I think that is xubuntu and xfce or close to.
Thanks,
Jim A
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://lists.mythtv.org/mailman/listinfo/mythtv-users
> http://wiki.mythtv.org/Mailing_List_etiquette
> MythTV Forums: https://forum.mythtv.org
More information about the mythtv-users
mailing list