Blog Entry


Forward

So the previous blog-post used firejail to restrict the access to the system. It turns out that openssh has the necessary stuff built in to do so without using firejail.

Setting it all up

User

You can set up a new user that your Android SSH client will connect to, or use an existing user. (You can use an existing user because you can restrict access by the key used, not only by user.)

authorized_keys file

When you add the public key to your .ssh/authorized_keys file, prefix the entry with options like in the following example:

restrict,port-forwarding,permitopen="127.0.0.1:6600",permitopen="[::1]:6600" <android client's ssh public key here>

The restrict option blacklists all capabilities, and port-forwarding enables the port-forwarding capability. The latter two permitopen entries allows access to MPD listening on port 6600 with either localhost IPV4 or localhost IPV6.

Note that you can prefix any public key entry with this to have the same restrictions to only allow access to MPD. You still will need to make sure your client can access sshd (like by configuring your firewall to allow accessing sshd).

If you want to access MPD from a PC with ssh, you may use something like:

ssh -i myKey -T -L 6600:127.0.0.1:6600 username@myMPDHost

That's It

I've been using this setup with a capable Android ssh client and the MALP app (from f-droid) to control mpd from an Android phone. Hopefully this will work just as well for you too.

Comments:

2022 01 17 23:39:09 +0000
Anthonywes:
I regret, that I can not participate in discussion now. I do not own the necessary information. But with pleasure I will watch this theme.
2022 04 09 00:43:36 +0000
DELETED:
Reason for deletion: Spam
2022 05 07 06:00:27 +0000
DELETED:
Reason for deletion: Spam (probably, but I'd rather not translate unknown text)
2022 05 26 18:50:14 +0000
DELETED:
Reason for deletion: Spam