[Cialug] hiding a publicly accessible database server

Daniel A. Ramaley daniel.ramaley at drake.edu
Thu Sep 11 14:08:32 CDT 2008


I'll second this. I use single purpose keys at home for a simple 
rsync-over-ssh backup strategy, and at work for accounts between 
servers that need to send files to each other but nothing else.

On Thursday September 11 2008 13:58, Jeff Chapin wrote:
>I have had success in the past using the Single purpose keys as
>described on this page: http://pkeck.myweb.uga.edu/ssh/
>
>Basically, you make a key that is ONLY authorized to run one command 
> (a script) and you put your tunneling code in that script.
>
>
>Jeff
>
>Matthew Nuzum wrote:
>> Hi, I'm conceiving an application that would like to use a
>> centralized postgres database. For my idea to work best it would be
>> nice if the application could make a connection to the postgres
>> server on demand without the user having to do anything. Yet I
>> really don't want to put the database wide open to the web. So it's a
>> conundrum.
>>
>> I have an idea I know would work but it has a challenge: Use an SSH
>> tunnel. But for this to work, the user would have to create an SSH
>> key without a password and keep it on their computer. If someone
>> else found this key then they'd have shell access to the machine
>> used to tunnel the postgres connections. (the reason for no ssh
>> password is so that the application could initiate the ssh
>> connection automatically)

------------------------------------------------------------------------
Dan Ramaley                            Dial Center 118, Drake University
Network Programmer/Analyst             2407 Carpenter Ave
+1 515 271-4540                        Des Moines IA 50311 USA
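
The single-purpose keys discussed in this thread are enforced by the options at the start of each authorized_keys line, so the server side can be audited for them. The following is an added example, not part of the original messages: a shell function that flags entries lacking a forced command, lacking the usual restrictions, or allowing a tunnel that is not pinned to one destination. The option names are OpenSSH's; the script paths, key blobs and verdict names are constructed for illustration, and 5432 is assumed as the postgres port.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries that are not single-purpose keys.
# Reads authorized_keys text on stdin, prints "<line-number> <verdict>" per key.

has() { case "$opts" in *",$1,"*) return 0 ;; esac; return 1; }

audit_authorized_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*) continue ;;                      # blank line or comment
            ssh-*|ecdsa-*|sk-*)                       # begins with the key type: no
                echo "$n FULL_SHELL"; continue ;;     # options, so a normal login
        esac
        # Drop quoted values, keep field 1 (the option names), lowercase it.
        # Limitation: escaped quotes (\") inside a value are not handled.
        opts=",$(printf '%s\n' "$line" | sed 's/"[^"]*"//g' | cut -d' ' -f1 |
                 tr '[:upper:]' '[:lower:]'),"
        if ! has 'command='; then
            echo "$n NO_FORCED_COMMAND"; continue
        fi
        if has restrict; then                         # everything off unless re-enabled
            fwd=no; has port-forwarding && fwd=yes
        else                                          # legacy style: each no-* listed
            has no-pty && has no-agent-forwarding && has no-x11-forwarding ||
                { echo "$n WEAK_OPTIONS"; continue; }
            fwd=yes; has no-port-forwarding && fwd=no
        fi
        if [ "$fwd" = yes ] && ! has 'permitopen='; then
            echo "$n FORWARD_ANYWHERE"                # tunnel not pinned to one host:port
        else
            echo "$n OK"
        fi
    done
}

# Constructed sample; key blobs and script paths are placeholders.
sample_keys() { cat <<'EOF'
# constructed entries
ssh-ed25519 AAAAPLACEHOLDER1 laptop
command="/usr/local/bin/backup-rsync" ssh-ed25519 AAAAPLACEHOLDER2 backup
command="/usr/local/bin/pg-tunnel",no-pty,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAPLACEHOLDER3 app
restrict,port-forwarding,permitopen="127.0.0.1:5432",command="/usr/local/bin/pg-tunnel" ssh-ed25519 AAAAPLACEHOLDER4 app
no-pty ssh-rsa AAAAPLACEHOLDER5 old
EOF
}

sample_keys | audit_authorized_keys
```

To check a real account, feed its file on stdin, for example `audit_authorized_keys < ~/.ssh/authorized_keys`.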

