[mythtv-users] Is there interest for a couple very short HOWTO's?

[Malcolm]

----- Original Message ----- 
From: "Chris Strom" <mythtv at eeeCooks.com>
Sent: Friday, March 26, 2004 6:01 AM


> On Thu, Mar 25, 2004 at 08:34:59PM -0700, Nowhere wrote:
> > I am somewhat new to Linux and I just secured my Mythweb with a password
> > so that I can safely pass the port through my router and access it from
> > the internet.  I know for the experience Linux users out there it's a no
> > brainer but I had to read up how to do it.  Anyone want me to write up a
> > short HOWTO on this?
>
> Call me paranoid, but I don't regard this as "safe".  The
> username/password are sent in clear text.  Unless you're using something
> like /etc/hosts.allow or additional apache configuration, anyone can
> access the resource.  I accomplish the same thing via SSH tunnel.
>
> The only port that I have opened is for SSH (and for that I only allow
> two IP addresses access, set both in the firewall and in
> /etc/hosts.allow).  I use SSH port forwarding to access the various net
> resources, including mythweb on my apache server:
>
> remote-host $ ssh -L 10080:localhost:80 my-home-ip-address
>
> To access mythweb I then open the following URL in my browser:
>
> http://localhost:10080/mythweb/
>
> Port forwarding sends all request to port 10080 on remote-host (e.g. my
> work computer) to port 80 of my mythbox.  It's all encrypted by the SSH
> connection and the security administration is easier (read more secure).
> If your SSH box and mythbox are different, then simply:
>
> # Note the change in the argument to the -L switch
> remote-host $ ssh -L 10080:mythbox:80 my-home-ip-address

Well he's probably using SSL (https on port 443) and not just straight http
on port 80.  I know at least I am.  I must admint though the SSH tunnel is
the most secure method but not the easiest when over at a friends house and
you want to show him or select something to record.

Malcolm