[mythtv-users] Securing Mythweb?
Alec Leamas
leamas.alec at gmail.com
Mon Sep 18 15:32:51 UTC 2017
On 18/09/17 12:32, Nate Bargmann wrote:
> * On 2017 18 Sep 04:42 -0500, Jim Abernathy wrote:
>> When I’m away, the port forwarding is turned on for the Mythtv backend and all other computer on the network are powered down.
> The next step is to create an SSH tunnel (I also set this up as a Bash
> alias so I wouldn't forget):
In a systemd environment, you can automate this so that the ssh tunnel
is created when accessing the local endpoint. An example for imap (port
143) involves two files in /etc/systemd/system.
First we have myhost-imap.socket:
[Unit]
Description = my-host imap service at localhost:143
[Socket]
ListenStream = 143
Accept = yes
[Install
And finally myhost-imap at .service
[Unit]
Description = SSH tunnel to my-host imap service
[Service]
ExecStart = -/bin/ssh -W localhost:143 mm at my-host.com
StandardInput = socket
Here, the tunnel is run locally as root but connects to another account
on the remote server. YMMV. The tunnel is created as soon as any client
tries to connect to localhost:143.
Overall, this has been an extremely stable setup for me.
Cheers!
--alec
More information about the mythtv-users
mailing list