Ben Stallings <Ben at workscited.net> writes:

> Let's imagine for a moment that you're configuring a Linux box for a computer 
> amateur, like your grandmother.  If your grandmother is a technogoddess, 
> imagine someone else's grandmother.  She wants a graphical Web browser and 
> e-mail client and nothing else, so you lock the system down very tight ... 
> she can't get into any programs that she doesn't understand.
> 
> Now let's say she calls you up and says something is wrong with the computer. 
>  You gather that it turns on and the screen lights up, but beyond that she's 
> really not very descriptive about what exactly is happening.  She's miles 
> away from you, so you really don't want to go to her place or have her bring 
> the computer to you.  You kick yourself for not installing some sort of back 
> door so you can dial into her machine and check it out as root.
> 
> Now let's say you foresee this situation and do in fact install some sort of 
> back door.  What software do you use?  How do you secure it so that other 
> people don't hack her computer?  How do you make it easy enough for her to 
> start when she needs to without being so obvious that she starts it 
> unnecessarily?  --Ben

I'd have her computer run sshd, and install my public-key identity in
my user account (so I didn't have to remember the password).  And I'd
install zup, built so that it let me become root but nobody else, so
I didn't have to remember her root password (or know if she changed
it).  If she's behind a NAT box, I'd have to set up port forwarding to
get my ssh connect to the linux box. 

With ssh, I can then tunnel in anything else I need, like a secure web
connection, or X display.
-- 
David Dyer-Bennet, dd-b at dd-b.net  /  Ghugle: the Fannish Ghod of Queries
 John Dyer-Bennet 1915-2002 Memorial Site http://john.dyer-bennet.net
        Book log: http://www.dd-b.net/dd-b/Ouroboros/booknotes/
                 Photos: http://dd-b.lighthunters.net/