From 4b871455c14b51142fa355b5e02519cdc316d1bc Mon Sep 17 00:00:00 2001 From: Tzafrir Cohen Date: Tue, 14 Jun 2011 09:21:33 +0000 Subject: rapid-tunneling: documentation updates Remove an obsolete section, typos, more on security. git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@9419 283159da-0705-0410-b60c-f2062b4bb6ad --- README | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/README b/README index a85638f..f94bbc6 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ -Prepare computer for SSH tunneling -================================== +Rapid Tunneling +=============== Rapid Tunnelling(tm) uses the capabilities of openssh to allow you to support your clients even behind firewalls. @@ -95,18 +95,6 @@ you should run: rapid-tunneling-status -Command Line Usage: Root -~~~~~~~~~~~~~~~~~~~~~~~~ -If you run this as root, it is preffered that you run the above commands -as the dedicated tunneling user, to avoid leftovers. That is: - - su -c 'rapid-tunneling path/to/remote-access-clint.tar.gz' rapid-tunneling - - su -c 'rapid-tunneling-status' rapid-tunneling - - -The '-' in the end is required, to use the home directory of the dedicated -user. - - Server Operation ---------------- rtadm 
@@ -197,6 +185,17 @@ no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="127.0.0.1:65534",comman A key can also be used to flood the server's disk, which means that the support user's quota should be limited. -THe client then sends the connection information over the already +The client then sends the connection information over the already established connection. + +Alternatively, if an attacker manages to send her own key (pointing to +her own RapidTunneling server) to the user, while pretending that this +key comes from a trusted support contact, the attacker will gain access +to the user's system. Thus the user should be careful about the key he gets. + + +Ideally this system should be simple to set up (assuming you have an SSH +server with a public IP address) and thus would be a handy and more secure +replacement to sending a password in the clear, or installing some Big +Binary Blob. -- cgit v1.2.3
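Review bot: In the first hunk (@@ -1,5 +1,5 @@), the new heading spells the name "Rapid Tunneling" while the unchanged line directly below it still reads "Rapid Tunnelling(tm)" with a double "l". Since this commit is already a typo pass, pick one spelling and apply it to both the heading and the body text so that searches for the product name in the README match consistently.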
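Review bot: In the second hunk (@@ -95,18 +95,6 @@), the whole "Command Line Usage: Root" section is removed without a replacement, and the commit message only calls it obsolete. The removed text told root users to run the commands as the dedicated tunneling user "to avoid leftovers"; if the tools now handle that themselves, a single sentence saying so in the README would tell a reader what happens when the commands are run as root. If they do not, the advice is still relevant and should stay, with "preffered" and "clint" corrected.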
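Review bot: In the third hunk (@@ -197,6 +185,17 @@), the new paragraph ends with "Thus the user should be careful about the key he gets", which names the risk of accepting a key from someone posing as a support contact but gives the user nothing to check. Suggest stating what the user should do before using a received key, for example confirming with the support contact over a separate channel that they sent it and which server it points to. Smaller points in the same added lines: the attacker is "her" and the user is "he", so settle on one neutral form; "replacement to" reads better as "replacement for"; and there are two consecutive blank "+" lines before "Ideally" where the rest of the file uses one.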