[mythtv-users] Securing Mythweb?

Alec Leamas leamas.alec at gmail.com
Mon Sep 18 15:32:51 UTC 2017

On 18/09/17 12:32, Nate Bargmann wrote:
> * On 2017 18 Sep 04:42 -0500, Jim Abernathy wrote:
>> When I’m away, the port forwarding is turned on for the Mythtv backend and all other computer on the network are powered down.

> The next step is to create an SSH tunnel (I also set this up as a Bash
> alias so I wouldn't forget):

In a systemd environment, you can automate this so that the ssh tunnel 
is created when accessing the local endpoint. An example for imap (port 
143) involves two files in /etc/systemd/system.

First we have myhost-imap.socket:

     Description = my-host imap service at localhost:143

     ListenStream = 143
     Accept = yes


And finally myhost-imap at .service

     Description = SSH tunnel to my-host imap service

     ExecStart = -/bin/ssh -W localhost:143 mm at my-host.com
     StandardInput = socket

Here, the tunnel is run locally as root but connects to another account 
on the remote server. YMMV. The tunnel is created as soon as any client 
tries to connect to localhost:143.

Overall, this has been an extremely stable setup for me.


More information about the mythtv-users mailing list