Subject Re: [ib-support] final: Where I find a really good security specific IB/FB group?
Author Edwin Pratomo
ale_pira wrote:
> Hi all,
> My big thanks to everybody that answered, and my apologies for this
> little 'gap answering'..
> I taked some decisions here, and as you, want to share my point of
> view:
> 1) For local (programs) access, I'll test a tunneling software, since
> my network clients can see my db machine, or snif on the wire;
> but this is really difficult to implement: a demand of installing new
> software on hundreds machines is painful (almost sure to not do it..);

Well you don't have to install another software for that purpose.
ssh can be used for encrypted tunneling. For example, assuming firebird
is running on machine "db",
and you want to connect from "foo", then on "foo" do the following:
$ ssh -L 3050:localhost:3050 db

open new console, and run isql to connect to it as if firebird is
running on "foo":
$ isql -u sysdba -p masterke

If you want to create a permanent tunneling, you would need shared
public key for automated authentication, and then ssh -L can be run at
Here is the options I use with ssh from (not openssh):
$ ssh -Snf -L 3050:localhost:3050 db

The openssh's version differs slightly at the options, but I'm not able
to find a satisfactory setting for that.

AFAIK, windows ssh client which supports tunneling can be used as well,
however I haven't tried that myself.

btw I have used the same techniques to create encrypted connection to
two RDBMS servers other than firebird. I fully agree that encrypted
connection is not necessary to build into Firebird (or any other RDBMS
server). It will just waste time and effort.