You can use either the public server provided by Jitsi or your own server for Jitsi Video Conferencing. There is no need for any login credentials. You can just open the conference link and click “Go” to start the video conference call. It is a browser-based online application.

I periodically scan my network from the internet, looking for open ports, in case there is something that has been inadvertently left open for longer than it needed to be. Jitsi Meet is an Open Source application that provides secure video conferencing solutions. Based on that monitoring, if you open SSH on a random port (not on port 22) then you don’t get a lot of attacks (in fact none or close to none) and the assumption is that passwords are strong, so that is a second line of defense.

Also, the default Linux SSH server allows you to specify which users are permitted to use remote access (so you could completely deny the inexperienced user remote access if you are concerned that the user will not keep a strong password).

At the end of the day, a network with an open port is very likely to be less secure than the same network without an open port. My assumption is that if is helping some other user and clearly he understands the options being presented, he can assess what is appropriate security, and what is not, and how long the port should be open for, etc.

To open a port-forward for a user who does not understand the concept and risk is not a good solution - especially not if it is only to avoid a reverse port-forward ssh command (which is on the other hand an example for real good practice: the user has to act to let some third party in). Between the DMZ and the private network there is a firewall located also (the same as between public and DMZ in small setups and a separated one in better protected networks). Between the public network and the DMZ we put a firewall.
If there is a port-forward forwarding from unsecure public networks to a machine on a private network this concept is broken.

Actually we put any resources we want to have reachable from unsecure public networks into their own broadcast domain we call DMZ (de-militarized zone).

I wouldn’t recommend this: A large part of security for inexperienced users is that they are in a private network not reachable from public networks. Optionally at this point, you could set up port forwarding on their router so as to bypass the need for reverse tunneling over SSH.

Of course, none of this will work if the inexperienced user breaks his or her network. I totally get why you want an easier solution but then if the TeamViewer client is not installed on the user’s computer then TeamViewer is not a zero-experience solution either. The net effect is that you might have to communicate via the phone (or, better, via email) one shell command to execute (or two if the other user doesn’t currently have an SSH server running).

Optionally at this point, you could set up port forwarding on their router so as to bypass the need for reverse tunneling over SSH. (remmina also supports RDP but that is more useful for remote access into a Microsoft Windows computer.) Yes, you can use remmina for this but there are other VNC client choices for you. You then VNC in (VNC-over-SSH, reverse tunneled). You or they then SSH from them to you in order to reverse tunnel VNC. You then install a VNC server for the user. You then SSH in (so that’s SSH-over-SSH, reverse tunneled). As this is a Linux desktop that isn’t a huge ask but, yes, it needs to be done. The other user would need a working SSH server safely behind the NAT.