Ben Stallings <Ben at workscited.net> writes: > Let's imagine for a moment that you're configuring a Linux box for a computer > amateur, like your grandmother. If your grandmother is a technogoddess, > imagine someone else's grandmother. She wants a graphical Web browser and > e-mail client and nothing else, so you lock the system down very tight ... > she can't get into any programs that she doesn't understand. > > Now let's say she calls you up and says something is wrong with the computer. > You gather that it turns on and the screen lights up, but beyond that she's > really not very descriptive about what exactly is happening. She's miles > away from you, so you really don't want to go to her place or have her bring > the computer to you. You kick yourself for not installing some sort of back > door so you can dial into her machine and check it out as root. > > Now let's say you foresee this situation and do in fact install some sort of > back door. What software do you use? How do you secure it so that other > people don't hack her computer? How do you make it easy enough for her to > start when she needs to without being so obvious that she starts it > unnecessarily? --Ben I'd have her computer run sshd, and install my public-key identity in my user account (so I didn't have to remember the password). And I'd install zup, built so that it let me become root but nobody else, so I didn't have to remember her root password (or know if she changed it). If she's behind a NAT box, I'd have to set up port forwarding to get my ssh connect to the linux box. With ssh, I can then tunnel in anything else I need, like a secure web connection, or X display. -- David Dyer-Bennet, dd-b at dd-b.net / Ghugle: the Fannish Ghod of Queries John Dyer-Bennet 1915-2002 Memorial Site http://john.dyer-bennet.net Book log: http://www.dd-b.net/dd-b/Ouroboros/booknotes/ Photos: http://dd-b.lighthunters.net/