[mythtv-users] Securing Mythweb?
leamas.alec at gmail.com
Mon Sep 18 15:32:51 UTC 2017
On 18/09/17 12:32, Nate Bargmann wrote:
> * On 2017 18 Sep 04:42 -0500, Jim Abernathy wrote:
>> When I’m away, the port forwarding is turned on for the Mythtv backend and all other computer on the network are powered down.
> The next step is to create an SSH tunnel (I also set this up as a Bash
> alias so I wouldn't forget):
In a systemd environment, you can automate this so that the ssh tunnel
is created when accessing the local endpoint. An example for imap (port
143) involves two files in /etc/systemd/system.
First we have myhost-imap.socket:
Description = my-host imap service at localhost:143
ListenStream = 143
Accept = yes
And finally myhost-imap at .service
Description = SSH tunnel to my-host imap service
ExecStart = -/bin/ssh -W localhost:143 mm at my-host.com
StandardInput = socket
Here, the tunnel is run locally as root but connects to another account
on the remote server. YMMV. The tunnel is created as soon as any client
tries to connect to localhost:143.
Overall, this has been an extremely stable setup for me.
More information about the mythtv-users