[mythtv-users] Securing Mythweb?

Jim Abernathy jfabernathy at outlook.com
Thu Sep 14 22:07:05 UTC 2017 


On 09/14/2017 01:56 PM, Peter Bennett wrote:
>
>
> On 09/14/2017 10:19 AM, Jim Abernathy wrote:
>> I notice that the header on the wiki about Securing Mythweb is tagged 
>> as outdated.
>>
>> https://www.mythtv.org/wiki/Securing_MythWeb
>>
>> Are there some easy instructions for putting a strong password on my 
>> mythtv system so I can setup programs to record while away from home?
>>
>> I can set my port forwarding in my DSL box so I can get to Mythweb 
>> when away from home, but it goes straight to the mythweb page.  I 
>> need to protect it.  When I’m gone from home all computers on the LAN 
>> are turned off except for the mythtv box. So I just need to protect 
>> my mythtv recordings and setup.  Once I get back home, I stop the 
>> port forwarding.  I only do this once or twice a year and it’s only 
>> open for a few weeks at a time.  So I don’t really want to install a 
>> VPN, etc.  I figure I can have a really good password to protect 
>> mythweb at least for the short period I’m gone.
>>
>> Ideas? I need to do this rather quickly, thus the avoidance of VPN
>>
>> Jim A
>>
>>
> What I do is set up xrdp on my home system. This lets you login like 
> "Remote desktop" on windows. you can login from windows machines 
> remote desktop or from linux using Remmina. I open the remote desktop 
> port and once logged in I can run a browser, run mythfrontend, etc. It 
> gives more control over the system.
>
> Note I use xubuntu with xfce window manager on the backend. Other 
> window managers such as unity do not work with this (at least last 
> time I tried).
>
> Another option is to open a ssh port, then you can do port forwarding 
> of the browser. This works:
>
> ssh -p 10022 -L 10080:serenity:80 -C peter at xxx.xxx.xxx.xxx
>
> assuming port 10022 is the external port that maps to the ssh port 22, 
> serenity is the name of your backend, peter is your user id and 
> xxx.xxx.xxx.xxx is your external ip address.
>
> Then just use url http://localhost:10080/mythweb in the browser on the 
> remote machine after connecting with ssh.
>
> I think these methods are safer than putting an http password because 
> to be secure over http you really need ssl and that is painful to set 
> up. Remote desktop and ssh are already secure and require your Linux 
> password.
>
> Also it is recommended not to use the standard port numbers when 
> exposing remote desktop, ssh or http.
>
> Peter

I'll play with this, but I may have to set ssh permissions or turn on 
features.  I have the default ssh.  I also am running mythbuntu 16.04, 
so I think that is xubuntu and xfce or close to.

Thanks,

Jim A

> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://lists.mythtv.org/mailman/listinfo/mythtv-users
> http://wiki.mythtv.org/Mailing_List_etiquette
> MythTV Forums: https://forum.mythtv.org

More information about the mythtv-users mailing list