You could set up a cron job on that server that checks for a specific code in a Dropbox directory, or in an email account, and when received, it deletes the {mail|file} and activates an SSH tunnel or a VPN that you can connect to. All you should have to do when you want to connect is send the email / put the file, wait a bit and then connect to the server. You'll have to close the tunnel when you disconnect, however, or perhaps the same cron job can close it upon receiving another code.

--
Ignorance is a curable ill; the will is enough.

On 11 February 2014 13:35, Ismael Bouya <ismael.bouya@normalesup.org> wrote:
(Tue, Feb 11, 2014 at 01:29:30PM +0100) Constantin :
You could establish a VPN/tunnel originating from the server you want to update. That way, from the machine's view, it is an outgoing connection and might not be restricted by the firewall. You can then use the existing tunnel to ssh back to the machine. Of course this would require an accessible server somewhere outside.
Sure, that's what I understood in the former message, and already thought of doing it. The problem that I have (maybe it wasn't clear in my message) is that then I give an "obvious" *permanent* entry point to a network that is willingly closed. If anything happens (even if I'm quite confident with the security of the machine, we never know), it's my responsibility, and I don't want that.
-- Ismael
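
An added example, not part of the thread: one way to write the cron-polled trigger suggested in the reply above, with the "specific code" made an HMAC over a timestamp and the tunnel given a fixed lifetime, so that it does not become the permanent entry point Ismael is concerned about. The shared secret, relay host, forwarded port and time limits are assumptions.

```python
import hashlib
import hmac
import os
import time

SECRET = b"constructed-demo-secret"  # assumption: shared secret, stored outside the synced folder
MAX_AGE = 300                        # trigger codes older than 5 minutes are ignored
TUNNEL_LIFETIME = 900                # tunnel is torn down after 15 minutes regardless
RELAY = "tunnel@relay.example.org"   # hypothetical outside server


def make_code(secret, now=None):
    """Admin side: '<unix time>:<HMAC-SHA256 of that time>'."""
    ts = str(int(time.time() if now is None else now))
    return ts + ":" + hmac.new(secret, ts.encode(), hashlib.sha256).hexdigest()


def code_is_valid(code, secret, now, seen):
    """Accept a code only if it is authentic, fresh and not used before."""
    ts, sep, mac = code.strip().partition(":")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False
    expected = hmac.new(secret, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    if not 0 <= now - int(ts) <= MAX_AGE or ts in seen:
        return False
    seen.add(ts)  # a real cron job would persist this set between runs
    return True


def poll(trigger_path, secret, now, seen):
    """One cron run: consume the trigger file, return the command to start or None."""
    try:
        with open(trigger_path, "rb") as fh:
            code = fh.read(256).decode("ascii", "replace")
    except FileNotFoundError:
        return None
    os.remove(trigger_path)  # the file is deleted whether or not the code is valid
    if not code_is_valid(code, secret, now, seen):
        return None
    # timeout(1) ends the tunnel even if nobody remembers to close it
    return ["timeout", str(TUNNEL_LIFETIME), "ssh", "-N",
            "-o", "ExitOnForwardFailure=yes", "-R", "2222:localhost:22", RELAY]
```

The cron wrapper would pass the returned list to `subprocess.Popen` and log every accepted and rejected trigger, so each opening of the tunnel leaves an audit trail.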