You could setup a cron job on that server that checks for a specific code
in a dropbox directory, or in an email account, and when received, it
deletes the {mail|file} and activates a SSH tunnel or a VPN with which you
can connect to.
All you should have to do when you want to connect is send the email / put
the file, wait a bit and then connect to the server.
You'll have to close the tunnel when you disconnect however, or perhaps the
same cron job can close it upon receiving another code.
--
L'ignoranza è un male curabile, è sufficiente la volontà.
On 11 February 2014 13:35, Ismael Bouya <ismael.bouya@xxxxxxxxxxxxxx> wrote:
> (Tue, Feb 11, 2014 at 01:29:30PM +0100) Constantin :
> > You could establish a VPN/tunnel originating from the server you want to
> > update. That way, from the machine's view, it is an outgoing connection
> > and might not be restricted by the firewall. You can then use the
> > existing tunnel to ssh back to the machine.
> > Of course this would require an accessible server somewhere outside.
>
> Sure, that's what I understood in the former message, and already thought
> of doing it. The problem that I have (maybe it wasn't clear in my message)
> is that then I give an "obvious" *permanent* entry point to a network that
> is willingly closed. If anything happens (even if I'm quite confident with
> the security of the machine, we never know), it's my responsibility, and I
> don't want that.
>
> --
> Ismael
>
