Subject Re: [ib-support] final: Where I find a really good security specific IB/FB group?
Author Edwin Pratomo
ale_pira wrote:
>
> Hi all,
> My big thanks to everybody that answered, and my apologies for this
> little 'gap answering'..
>
> I took some decisions here, and like you, want to share my point of
> view:
>
> 1) For local (programs) access, I'll test a tunneling software, since
> my network clients can see my db machine, or sniff on the wire;
> but this is really difficult to implement: a demand of installing new
> software on hundreds of machines is painful (almost sure to not do it..);

Well, you don't have to install any other software for that purpose.
ssh can be used for encrypted tunneling. For example, assuming firebird
is running on machine "db", and you want to connect from "foo", then on
"foo" do the following:
$ ssh -L 3050:localhost:3050 db

Open a new console, and run isql to connect to it as if firebird were
running on "foo":
$ isql -u sysdba -p masterke localhost:/opt/interbase/examples/employee.gdb

If you want to create a permanent tunnel, you would need a shared
public key for automated authentication, and then ssh -L can be run in
the background.
Here are the options I use with ssh from ssh.com (not openssh):
$ ssh -Snf -L 3050:localhost:3050 db

The openssh version differs slightly in its options, but I'm not able
to find a satisfactory setting for that.

AFAIK, a Windows ssh client which supports tunneling can be used as well;
however, I haven't tried that myself.

btw I have used the same techniques to create encrypted connections to
two RDBMS servers other than firebird. I fully agree that an encrypted
connection is not necessary to build into Firebird (or any other RDBMS
server). It will just waste time and effort.

--
rgds,
Edwin
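
An added example, not part of the original message: one way to run the permanent tunnel described above with OpenSSH, using a dedicated key that the server restricts to the single forward to port 3050. The host "db" and the port come from the message; the "tunnel" account, the key path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: background OpenSSH tunnel to Firebird on "db" (port 3050).
# Assumptions: an unprivileged "tunnel" account on db and a dedicated key file.
FB_PORT=3050
TUNNEL_USER="${TUNNEL_USER:-tunnel}"
TUNNEL_KEY="${TUNNEL_KEY:-$HOME/.ssh/fb_tunnel_ed25519}"

# With DRY_RUN set, print the command instead of running it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Start the tunnel to host $1 in the background.
#   -f -N                   go to background, run no remote command
#   IdentitiesOnly=yes      offer only the dedicated key
#   BatchMode=yes           never prompt; fail if key authentication fails
#   ExitOnForwardFailure    exit non-zero if local port 3050 cannot be bound
#   ServerAlive*            drop a dead connection so a supervisor can restart it
#   127.0.0.1:...           listen on loopback only, not on the LAN interface
start_tunnel() {
    run ssh -f -N -i "$TUNNEL_KEY" \
        -o IdentitiesOnly=yes -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "127.0.0.1:$FB_PORT:localhost:$FB_PORT" \
        "$TUNNEL_USER@$1"
}

# Print the ~/.ssh/authorized_keys entry for the tunnel account on db.
# $1 is the public key text. The key may open localhost:3050 and nothing else:
# no shell, no PTY, no agent or X11 forwarding, no other forward targets.
authorized_keys_line() {
    printf 'restrict,port-forwarding,permitopen="localhost:%s",command="/bin/false" %s\n' \
        "$FB_PORT" "$1"
}

# Usage: script start db | script authkey
case "${1:-}" in
    start)   start_tunnel "$2" ;;
    authkey) authorized_keys_line "$(cat "$TUNNEL_KEY.pub")" ;;
esac
```

Once the tunnel is up, isql connects to localhost exactly as in the message.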