author | Tzafrir Cohen <tzafrir.cohen@xorcom.com> | 2011-06-14 09:21:33 +0000 |
---|---|---|
committer | Tzafrir Cohen <tzafrir.cohen@xorcom.com> | 2011-06-14 09:21:33 +0000 |
commit | 4b871455c14b51142fa355b5e02519cdc316d1bc (patch) | |
tree | 0b86637722c7da8b817d9ae234c69ac9f61d9bbe | |
parent | 4ad091b2f4f61d5ba0f8c7b8b942fc48c40b49d0 (diff) |
rapid-tunneling: documentation updates
Remove an obsolete section, typos, more on security.
git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@9419 283159da-0705-0410-b60c-f2062b4bb6ad
-rw-r--r-- | README | 29 |
1 files changed, 14 insertions, 15 deletions
@@ -1,5 +1,5 @@ -Prepare computer for SSH tunneling -================================== +Rapid Tunneling +=============== Rapid Tunnelling(tm) uses the capabilities of openssh to allow you to support your clients even behind firewalls. @@ -95,18 +95,6 @@ you should run: rapid-tunneling-status -Command Line Usage: Root -~~~~~~~~~~~~~~~~~~~~~~~~ -If you run this as root, it is preffered that you run the above commands -as the dedicated tunneling user, to avoid leftovers. That is: - - su -c 'rapid-tunneling path/to/remote-access-clint.tar.gz' rapid-tunneling - - su -c 'rapid-tunneling-status' rapid-tunneling - - -The '-' in the end is required, to use the home directory of the dedicated -user. - - Server Operation ---------------- rtadm @@ -197,6 +185,17 @@ no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="127.0.0.1:65534",comman A key can also be used to flood the server's disk, which means that the support user's quota should be limited. -THe client then sends the connection information over the already +The client then sends the connection information over the already established connection. + +Alternatively, if an attacker manages to send her own key (pointing to +her own RapidTunneling server) to the user, while pretending that this +key comes from a trusted support contact, the attacker will gain access +to the user's system. Thus the user should be careful about the key he gets. + + +Ideally this system should be simple to set up (assuming you have an SSH +server with a public IP address) and thus would be a handy and more secure +replacement to sending a password in the clear, or installing some Big +Binary Blob. |
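Review bot: in the first hunk (@@ -1,5 +1,5 @@) the new title spells the name "Rapid Tunneling", while the unchanged line directly below it still reads "Rapid Tunnelling(tm)". Pick one spelling and use it in both places; the command names in this README (rapid-tunneling, rapid-tunneling-status) use the single-l form.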
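Review bot: the second hunk (@@ -95,18 +95,6 @@) drops the whole "Command Line Usage: Root" section with no replacement text, and the commit message only calls it obsolete. If the commands can still be started as root, keep a short note that they should be run as the dedicated rapid-tunneling user to avoid leftovers; if that case no longer applies, say why in the commit message so the removal can be checked.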
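Review bot: in the third hunk (@@ -197,6 +185,17 @@) the added warning ends with "the user should be careful about the key he gets", which leaves the reader with nothing concrete to do. Say what the user should check before using a received key, for example confirming with the support contact over a separate channel that they sent it. Minor points in the same hunk: "replacement to" should read "replacement for", and two consecutive empty lines are added before "Ideally" where one is enough.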