server setup:

add to ssh_config for callback:
NoHostAuthenticationForLocalhost yes

(write a script to do this?)


TODO:
Run a SEPARATE CUSTOM SSHD on the server for rfix, which allows to forward only one remote port (the uid), no local ports, etc.

sshd settings

  GatewayPorts no   # or clientspecified, on shared server

LocalCommand might be useful to let the user know when a connection has been
made:

  ssh -oControlPath=none -oPermitLocalCommand=yes -oLocalCommand='xmessage hi' pi


rfix client cd:

needs ~/.ssh/id_rsa and id_dsa, custom files, to authenticate to the server;
and maybe custom username, server, port, etc.

require a password (too) ?

# to test: ssh -o NoHostAuthenticationForLocalhost=yes -i ~/.rfix-tmp/id_rsa -p 8484 localhost

# TODO rfix client (for fixers?) should use a custom ssh config file, as needs may be different from usual, esp. re security (can't trust the user)


Should the time for rfix be arranged with a phone call, voice or IM?  probably
yes, can give a simple password to the fixer to be used in combination with the
ssh key and server access.