Remote Access

Since configuring remote SSH and OpenVPN on my router, I have not permanently enabled any WAN side services. I am a tad paranoid about exposing services to the fuster cluck web.

When I anticipate needing the remote services, I enable them before leaving the house.

Except I'm human. I forget. Often.

I looked for ways I might be able to remotely trigger the router to enable those services. A popular click-through topic is port knocking. I decided against that option. Black magic hocus pocus and not well supported on DD-WRT.

I considered sending myself an email. The email could be discovered by a cron job running every 5 minutes, which could trigger a script to SSH into the router and enable the desired services. Except the mail client might not be running.

I thought about a marker file uploaded to this web site. A cron job running every five minutes could detect the file or state change. Doable but the idea sounded clunky.

Eventually I decided to keep the WAN side SSH port open all the time. I have password logins disabled. My private key is password protected should I lose control of my keys.

While I use the standard port 22 on the LAN side, I am not using that port on the WAN side. Moving the port doesn’t much fool anybody but tends to reduce intrusion attempts.

WAN side pings are disabled.

At least now I no longer worry about forgetting. Should I forget before walking out of the house and I need remote access to the office, I need only SSH into the router and run a script that enables any desired remote services.

I run a daily cron job to check WAN side services. I’ll be reminded upon returning home.

I'm probably safe enough. I hope so.
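
An added example, not the author's own script: one way a daily WAN-side check like the cron job mentioned above could work, by reading rules in `iptables -S` format and reporting anything accepted on the WAN interface outside an allow-list. The interface name `vlan2`, the ports 2222 and 1194, and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not the author's script.
# Reads rules in `iptables -S` format on stdin and prints every protocol/port
# accepted on the WAN interface that is not in the allow-list.
#   $1 = WAN interface name            (assumption: vlan2)
#   $2 = comma-separated allowed ports (assumption: 2222, the moved SSH port)
unexpected_wan_ports() {
    awk -v wan="$1" -v allowed="$2" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "-A" {
            iface = ""; proto = "any"; ports = ""; target = ""; stateful = 0
            for (i = 2; i < NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--state" || $i == "--ctstate") stateful = 1
            }
            if (target != "ACCEPT" && target != "DNAT") next
            # A rule without -i applies to every interface, WAN included.
            if (iface != "" && iface != wan) next
            if (ports == "") {
                # Reply-traffic rules are expected; a bare ACCEPT is not.
                if (!stateful) print proto "/any"
                next
            }
            m = split(ports, p, ",")
            for (j = 1; j <= m; j++) if (!(p[j] in ok)) print proto "/" p[j]
        }'
}

# Constructed sample rule set (not taken from a real router).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i vlan2 -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -i vlan2 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i vlan2 -p icmp -j DROP
EOF
}

# Daily cron usage on the router, assuming its iptables supports -S:
#   { iptables -S INPUT; iptables -t nat -S PREROUTING; } | unexpected_wan_ports vlan2 2222
```

With the sample rules, the check reports `udp/1194`: the VPN port was left enabled while only the SSH port is on the allow-list.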

Posted: Category: Usability Tagged: General
