[mythtv-users] Securing Mythweb?

Hika van den Hoven hikavdh at gmail.com
Fri Sep 15 02:14:40 UTC 2017 

Hoi Jim,

Friday, September 15, 2017, 12:07:05 AM, you wrote:



> On 09/14/2017 01:56 PM, Peter Bennett wrote:
>>
>>
>> On 09/14/2017 10:19 AM, Jim Abernathy wrote:
>>> I notice that the header on the wiki about Securing Mythweb is tagged 
>>> as outdated.
>>>
>>> https://www.mythtv.org/wiki/Securing_MythWeb
>>>
>>> Are there some easy instructions for putting a strong password on my 
>>> mythtv system so I can setup programs to record while away from home?
>>>
>>> I can set my port forwarding in my DSL box so I can get to Mythweb 
>>> when away from home, but it goes straight to the mythweb page.  I 
>>> need to protect it.  When I’m gone from home all computers on the LAN 
>>> are turned off except for the mythtv box. So I just need to protect 
>>> my mythtv recordings and setup.  Once I get back home, I stop the 
>>> port forwarding.  I only do this once or twice a year and it’s only 
>>> open for a few weeks at a time.  So I don’t really want to install a 
>>> VPN, etc.  I figure I can have a really good password to protect 
>>> mythweb at least for the short period I’m gone.
>>>
>>> Ideas? I need to do this rather quickly, thus the avoidance of VPN
>>>
>>> Jim A
>>>
>>>
>> What I do is set up xrdp on my home system. This lets you login like 
>> "Remote desktop" on windows. you can login from windows machines 
>> remote desktop or from linux using Remmina. I open the remote desktop 
>> port and once logged in I can run a browser, run mythfrontend, etc. It 
>> gives more control over the system.
>>
>> Note I use xubuntu with xfce window manager on the backend. Other 
>> window managers such as unity do not work with this (at least last 
>> time I tried).
>>
>> Another option is to open a ssh port, then you can do port forwarding 
>> of the browser. This works:
>>
>> ssh -p 10022 -L 10080:serenity:80 -C peter at xxx.xxx.xxx.xxx
>>
>> assuming port 10022 is the external port that maps to the ssh port 22, 
>> serenity is the name of your backend, peter is your user id and 
>> xxx.xxx.xxx.xxx is your external ip address.
>>
>> Then just use url http://localhost:10080/mythweb in the browser on the 
>> remote machine after connecting with ssh.
>>
>> I think these methods are safer than putting an http password because 
>> to be secure over http you really need ssl and that is painful to set 
>> up. Remote desktop and ssh are already secure and require your Linux 
>> password.
>>
>> Also it is recommended not to use the standard port numbers when 
>> exposing remote desktop, ssh or http.
>>
>> Peter

> I'll play with this, but I may have to set ssh permissions or turn on 
> features.  I have the default ssh.  I also am running mythbuntu 16.04,
> so I think that is xubuntu and xfce or close to.

> Thanks,

> Jim A

The only way to create a relatively secure access is tunneling or vpn.
Create a tunnel from your laptop to your network.
I have one both from my laptop and my android device. As far as those
devices know they are inside my network and unless someone grabs my
key...
This way you can do anything from your vpn connected device without
the application being any the wiser.
Beside that I have setup mytweb with ssl and passwords through ldap

Tot mails,
  Hika                            mailto:hikavdh at gmail.com

"Zonder hoop kun je niet leven
Zonder leven is er geen hoop
Het eeuwige dilemma
Zeker als je hoop moet vernietigen om te kunnen overleven!"

De lerende Mens

More information about the mythtv-users mailing list