[mythtv-users] Securing Mythweb?

Fri Sep 15 15:42:46 UTC 2017

On Sep 14, 2017, at 1:56 PM, Peter Bennett <cats22 at comcast.net<mailto:cats22 at comcast.net>> wrote:

On 09/14/2017 10:19 AM, Jim Abernathy wrote:
I notice that the header on the wiki about Securing Mythweb is tagged as outdated.

https://www.mythtv.org/wiki/Securing_MythWeb

Are there some easy instructions for putting a strong password on my mythtv system so I can setup programs to record while away from home?

I can set my port forwarding in my DSL box so I can get to Mythweb when away from home, but it goes straight to the mythweb page.  I need to protect it.  When I’m gone from home all computers on the LAN are turned off except for the mythtv box. So I just need to protect my mythtv recordings and setup.  Once I get back home, I stop the port forwarding.  I only do this once or twice a year and it’s only open for a few weeks at a time.  So I don’t really want to install a VPN, etc.  I figure I can have a really good password to protect mythweb at least for the short period I’m gone.

Ideas? I need to do this rather quickly, thus the avoidance of VPN

Jim A

What I do is set up xrdp on my home system. This lets you login like "Remote desktop" on windows. you can login from windows machines remote desktop or from linux using Remmina. I open the remote desktop port and once logged in I can run a browser, run mythfrontend, etc. It gives more control over the system.

Note I use xubuntu with xfce window manager on the backend. Other window managers such as unity do not work with this (at least last time I tried).

Another option is to open a ssh port, then you can do port forwarding of the browser. This works:

ssh -p 10022 -L 10080:serenity:80 -C peter at xxx.xxx.xxx.xxx<mailto:peter at xxx.xxx.xxx.xxx>

assuming port 10022 is the external port that maps to the ssh port 22, serenity is the name of your backend, peter is your user id and xxx.xxx.xxx.xxx is your external ip address.

Then just use url http://localhost:10080/mythweb in the browser on the remote machine after connecting with ssh.

I think these methods are safer than putting an http password because to be secure over http you really need ssl and that is painful to set up. Remote desktop and ssh are already secure and require your Linux password.

Also it is recommended not to use the standard port numbers when exposing remote desktop, ssh or http.

Peter

I got remote VNC to work.  x11vnc server is installed in mythbuntu if you enable that service in mythtv control center. I just give it a strong password at startup.  I just have to figure out how to have x11vncserver run at boot time automatically. I now can run mythweb or mythfrontend remotely.

Thanks,

JIm A

_______________________________________________
mythtv-users mailing list
mythtv-users at mythtv.org<mailto:mythtv-users at mythtv.org>
http://lists.mythtv.org/mailman/listinfo/mythtv-users
http://wiki.mythtv.org/Mailing_List_etiquette
MythTV Forums: https://forum.mythtv.org<https://forum.mythtv.org/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mythtv.org/pipermail/mythtv-users/attachments/20170915/814f64b7/attachment.html>