Simply start mtn serve on the hosted server as 'mtn serve
localhost:4691' (or whatever port -- any port over 1024 is available
to non-root users, 4691 is the default monotone port). This will
start a monotone netsync server which can be connected to *only* by
processes on the local machine, over loopback.
Then, to connect to the server, run something like the following on
your workstation:
ssh -L4691:localhost:4691 <server>
This somewhat confusing command line says "Forward port 4691 (the
leading 4691:) on the local host (-L) to port 4691 on the remote
machine (localhost:4691)". See 'man ssh' for more on -L (and its
closely-related cousin, -R). If you used a server port other than
4691 for 'mtn serve', replace the *final* 4691 in the above command
with the port the server is using.
Having done this, on your workstation again, run:
mtn sync localhost <pattern>
If you used a port other than 4691 as the first argument to ssh -L,
provide it as localhost:<port> in the above command. This will
connect to your workstation on a port which SSH tunnels through its
own connection to the remote host and connects to the remote monotone
server.
As far as drawbacks, they are what you would expect; you have to have
the SSH tunnel running to access monotone, the encrypted stream is
overhead, etc. However, you pay all those penalties to use monotone
via SSH in any fashion.