Problem: I want to remotely access my computer from untrusted computers like on friends house or at work.

Looking for: Remote desktop software (SSH is out of scope, as it could do commands in the background). Client should work in the browser or have portable binaries. Server should send some soft of 2FA before every connection without a way to remember it, so I could be safe in a case of a keylogger snooping on connection password. Not nessesary, but would be nice to have some sort of rate limiting for the inputs, so it won’t be possible for some rubber-ducky style script to open terminal and run command before I could react.

  • wildbus8979
    link
    fedilink
    arrow-up
    10
    ·
    edit-2
    6 months ago

    I’m not saying this to be smug, everything you listed here is things ssh can do if configured to do so… 2FA can be configured in various ways via PAM (namely yubikey being the superior method, but the possibilities are limitless). Banning non interactive shells can be done with something along the lines of:

    ForceCommand    if [ "$SSH_ORIGINAL_COMMAND" ]; then echo "this server rejects non-interactive ssh usage" >&2; exit 1; else exec "$SHELL" -i; fi
    

    Rate limiting is achievable via iptables/nftables.