[Cialug] hiding a publicly accessible database server

Jeff Chapin chapinjeff at gmail.com
Thu Sep 11 13:58:49 CDT 2008


I have had success in the past using the single-purpose keys as 
described on this page: http://pkeck.myweb.uga.edu/ssh/

Basically, you make a key that is ONLY authorized to run one command (a 
script) and you put your tunneling code in that script.


Jeff

Matthew Nuzum wrote:
> Hi, I'm conceiving an application that would like to use a centralized
> postgres database. For my idea to work best it would be nice if the
> application could make a connection to the postgres server on demand
> without the user having to do anything. Yet I really don't want to put
> the database wide open to the web. So it's a conundrum.
>
> I have an idea I know would work but it has a challenge: Use an SSH
> tunnel. But for this to work, the user would have to create an SSH key
> without a password and keep it on their computer. If someone else
> found this key then they'd have shell access to the machine used to
> tunnel the postgres connections. (the reason for no ssh password is so
> that the application could initiate the ssh connection automatically)
>
> Does anyone have a suggestion?
>
>   
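An added example, not part of the original thread or of the linked page: one way to build and audit the `authorized_keys` entry for such a single-purpose key, so that a stolen passwordless key gives access to the PostgreSQL tunnel only and not to a shell. It assumes PostgreSQL listens on 127.0.0.1:5432 on the SSH host; the script path `/usr/local/bin/pg-tunnel-hold` is hypothetical and the public key is constructed.

```shell
#!/bin/sh
# Added example: lock a passwordless key down to a PostgreSQL tunnel.
# Assumptions: PostgreSQL on 127.0.0.1:5432; /usr/local/bin/pg-tunnel-hold is a
# hypothetical script that keeps the session open and never starts a shell.
FORCED_CMD=/usr/local/bin/pg-tunnel-hold
DB_TARGET=127.0.0.1:5432

# Print an authorized_keys line for public key $1: forced command, no pty,
# and permitopen so local (-L) forwarding can only reach the database port.
make_entry() {
    printf 'command="%s",permitopen="%s",no-pty,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$FORCED_CMD" "$DB_TARGET" "$1"
}

# Print "<line number>: <reason>" for each key in file $1 that is not locked down.
# Exit status is 0 when every key is restricted, 1 otherwise.
audit_keys() {
    n=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        case $line in
            ssh-*|ecdsa-*|sk-*) echo "$n: no options (unrestricted key)"; bad=1; continue ;;
        esac
        opts=${line%% ssh-*}      # keep only the option list before the key type
        opts=${opts%% ecdsa-*}
        case $opts in *'command="'*) ;; *) echo "$n: no forced command"; bad=1 ;; esac
        case $opts in *'permitopen="'*|*no-port-forwarding*) ;;
            *) echo "$n: unrestricted port forwarding"; bad=1 ;; esac
        case $opts in *no-pty*) ;; *) echo "$n: pty allowed"; bad=1 ;; esac
    done < "$1"
    return $bad
}

# Demo on a constructed file: one bare key and one single-purpose entry.
demo() {
    f=$(mktemp)
    CONSTRUCTED_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY app@client'
    { echo "$CONSTRUCTED_KEY"; make_entry "$CONSTRUCTED_KEY"; } > "$f"
    audit_keys "$f" || echo "review the keys listed above"
    rm -f "$f"
}
demo
```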


