[nzlug] remote access to my home machine

[Andrew Bruce]

Michal Ludvig wrote:
> Simon wrote:
>   
>> Here's something I didn't think I'd need to do!
>>
>> My machine is behind a hardware router (DHCP) - so how am I supposed to
>> connect to it from outside?
>>     
>
> As you mentioned you couldn't install anything on the clients used for
> remote access here's one possible solution, actually in use by me:
>
> 1) Install HTTP server and SSH daemon on your home box.
>
> 2) Forward two arbitrary ports on your DSL router to the home server
> (say 2222 for SSH and 8888 for HTTP)
>
> 3) Make Mindterm Java SSH client available on that HTTP server, for
> instance as http://that-host-ip/ssh.html (HTML page with the appropriate
> <applet> tag, see http://www.logix.cz/michal/ssh and check the page
> source code for live example).
>
> 4) In the client's browser open the external url of your home server,
> e.g. http://ext-dsl-address:8888/ssh.html and let the Mindterm SSH
> applet start. It will only be allowed to connect to the the same IP
> address it was downloaded from, i.e. to ext-dsl-address:2222
>
> 5) Enter the username and password and there you are. No installing of
> anything from the net, just a browser, Java (default on XP) and two open
>  ports.
>
> HTH,
>
> Michal
>   

Having just set this up, so that I can gain access from school, and from 
internet cafe's, I'm thinking
about the security issues.  What I would like to start doing (for both 
direct and via MindTerm access) is only allow some sort of really strong 
key entry to the server, when accessed from the insecure network.  Using 
passwords for internal access isn't so much of a worry for me.

I've previously heard of people carrying the keys around with them on a 
USB stick so they can use it with whatever SSH client they are using on 
whatever PC (in some cases I just use Putty or the ssh terminal client, 
in others I will be using MindTerm).

What should I be looking at for doing this?

How would one go about setting this up?


Andrew