I have a Java App running, which prints out messages into STDOUT and also has an active interactive console (also accepts STDIN), when the server has started up.
How do I securely give access to an external person (outside the network) to the console and nothing else?
I was figuring using ncat --ssl -e java filenamehere
And setting a firewall rule for the port used to only allow packets from one origin:
iptables -I INPUT \! --src 1.2.3.4 -m tcp -p tcp --dport 777 -j DROP # if it's not 1.2.3.4, drop it
But is that secure?
In theory, IP spoofing can be used or are modern mitigation methods built into the OS? I tried setting nospoof on
in the host.conf file but it seems that it's obsolete.
I was thinking of giving reverse-shell but that probably is a bit too much and insecure in my opinion. What is your opinion?