Hobbes, you can tunnel your CNC connection over ssh. I've been doing it for a long time and worked out a system that doesn't get in my way at all. I do it with my pop and smtp mail too.
Step 1: Set up port forwarding in your ssh client... in this case, you want to forward tcp 80 (http) to myhost.tld (<-- replace with your domain name). Tell it not to accept or forward remote connections. This is the part that establishes the tunnel. Most ssh clients will allow you to save this as a profile.
Step 2: Create an entry in your etc/hosts file (yes, Windows has one too -- it's in %WINDIR%\system32\drivers, if memory serves) that points www.myhost.tld
to 127.0.0.1. This is the part that lets your browser send the correct host header to FQ while actually communicating through the ssh tunnel.
Step 3: Log in using ssh with the port forwarding settings above. If you're on a Mac or *Nix-based system, you may have to give your computer a root password in order to establish the tunnel.
Step 4: OK, actually there is no Step 4. Just fire up your browser and hit your CNC.
Steps 1 and 2 are one-time things. Step 3 is an every-time thing.
Here is an important thing to remember. If you follow these instructions exactly, www.myhost.tld
is tunneled, but myhost.tld is not. This has a couple of implications:
will *only* work when you're logged in via ssh. Other times, it'll give you "connection refused."
2. A tunneled connection takes up more system resources and is slower than a straight one, because both server and browser have to encrypt and decrypt all the communications and content. So it would be best FQ-izenship to *only* use the tunneled connection for the CNC, not for regular development and browsing of your site.
3. Because you are establishing a single tunnel from your system, you can only do this to one of your sites at a time. I've tried setting it up with different port numbers on the client end, but it didn't work because a rewrite or something on the server end would bounce me back to www.myhost.tld
After a while, you get into the habit of using www.myhost.tld
for the CNC, and just myhost.tld for everything else.