[mythtv-users] Securing Mythweb?

Marlon Buchanan mlb.linux at gmail.com
Fri Sep 15 16:53:25 UTC 2017


On Fri, Sep 15, 2017 at 9:40 AM, Stephen Worthington <
stephen_agent at jsw.gen.nz> wrote:

> On Fri, 15 Sep 2017 15:42:46 +0000, you wrote:
>
> >I got remote VNC to work.  x11vnc server is installed in mythbuntu if you
> enable that service in mythtv control center. I just give it a strong
> password at startup.  I just have to figure out how to have x11vncserver
> run at boot time automatically. I now can run mythweb or mythfrontend
> remotely.
>
> The VNC protocol is really insecure - as best I can remember, it sends
> passwords in clear text.  It should only be used when connecting via
> an encrypted connection.
>
> Basically, there are no shortcuts to getting remote access to MythTV -
> if you want proper security, you have to use either a VPN or an
> encrypted tunnel.  Nothing else is good enough to ensure safety.  I
> use OpenVPN and then VNC inside that.  OpenVPN is a pain to set up,
> but gives about the best security available when used with the correct
> options.
>

Honestly, you'd be probably be better off setting up a password to mythweb
than opening up VNC to your entire computer. But you may decide the risk is
worth it if you are only going to enable for short bursts here and
there...I setup htdigest and ssl access to my apache server a long time
ago, and I honestly don't remember. I'm sure you could probably use a
general SSL apache setup guide and then modify the mythweb apache config
file appropriately.

As mentioned, SSH tunnel or OpenVPN or similar is probably the best way to
go. For what it is worth, I use a router running pfsense and setting up
openvpn on that was relatively easy to do following some guide I found in
the forums. pfsense takes a some time to setup but the features are worth
it you are security oriented at home (and it has other features that make
managing your home network easier/better).

-Marlon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mythtv.org/pipermail/mythtv-users/attachments/20170915/6c81e1ef/attachment.html>


More information about the mythtv-users mailing list