Recent comments on posts in the blog:

ProxyCommand with ProxyUseFdpass=yes
ProxyUseFdpass is a fairly new addition to OpenSSH (6.5) hence not yet very used and documented AFAICT. It's unclear to me what should the ProxyCommand do before exiting. Care to explain how to replace the (dummy) "ProxyCommand nc %h %p" with something that doesn't create a network socket and exits immediately?
Comment by guilhem
Found it

(a year later, but...)

Problem turned out to be drafts. I removed them from blogger and the re exported the data and everything went just fine (bah, I still didn't finihed, but I've got that part sorted out).


Comment by Lisandro Damián Nicanor
After several research, this tutorial was the one that worked for me in the Debian Wheezy installation. I think that something that I did not see in other tutorials was adding the option "luks" in the crypttab file, and this is why cswap mounting used to fail after a reboot.
Comment by FM
Probably not for needs as special as yours, but the most simple and easy-to-use tool I found to give support is gitso (now packaged for Debian), which makes it trivially easy for someone less tech-savvy to initiate a reverse vnc connection to a helper.
Comment by Florian
Instead of ssvnc, use sshvnc to connect to '', which will set up the SSH tunnel itself to port 5900+X, e.g. for port 5901.
Comment by madduck
You should only need noxdamage if you have an nVidia card; it works around a bug in the nVidia driver.
Comment by Anonymous
2factor auth

You can also use 2facthor auth with ( for example ) google authenticator:

Comment by KingOfThings
Logging ..

You might enjoy snoopy for logging purposes, since:

  • It is contained in squeeze, wheezy, and jessie.
  • It will log all commands.

The downside is that it won't log stdin, but I'd suggest that's almost a benefit since it avoids root-access users from seeing passwords.

Comment by Steve Kemp
Instead of a wrapper (which does funky things to e.g. remote command execution and pipes, control sockets, and forwarding), just use ProxyCommand and ProxyUseFdpass to execute SPA against %h, then to pass control back to /usr/bin/ssh…
Comment by madduck
Log Rotate

One other thing you might want to add is to add /var/log/router.log to /etc/logrotate.d/rsyslog so that it doesn't grow forever.

Cheers, -m

Comment by max