+
+
+
Secure TCP/IP Connection
+
+
+
Author
+ From e-mail by
+ written on 1999-09-08 in response to a
+ question from Eric Marsden.
+
+
+
+
+ One can use
ssh to encrypt the network
+ connection between clients and a
+
Postgres server. Done properly, this
+ should lead to an adequately secure network connection.
+
+
+ The documentation for
ssh provides most
+ of the information to get started.
+ Please refer to
+
http://www.heimhardt.de/htdocs/ssh.html+ for better insight.
+
+
+ A step-by-step explanation can be done in just two steps.
+
+
+
Running a secure tunnel via ssh
+
+ A step-by-step explanation can be done in just two steps.
+
+
+
+ Establish a tunnel to the backend machine, like this:
+
+
+
+ The first number in the -L argument, 3333, is the port number of
+ your end of the tunnel. The second number, 5432, is the remote
+ end of the tunnel -- the port number your backend is using. The
+ name or the address in between the port numbers belongs to the
+ server machine, as does the last argument to ssh that also includes
+ the optional user name. Without the user name, ssh will try the
+ name you are currently logged on as on the client machine. You can
+ use any user name the server machine will accept, not necessarily
+ those related to postgres.
+
+
+
+
+ Now that you have a running ssh session, you can connect a
+ postgres client to your local host at the port number you
+ specified in the previous step. If it's
+
psql, you will need another shell
+ because the shell session you used in
+ is now occupied with
+
+psql -h localhost -p 3333 -d mpw
+
+
+ Note that you have to specify the argument
+ to cause your client to use the TCP socket instead of the Unix
+ socket. You can omit the port argument if you chose 5432 as your
+ end of the tunnel.
+
+
+
+
projects / postgresql.git / commitdiff