![]() ![]() To start a tunneling session we use this command on a local server. Just know that tunneling will not work unless you can establish an SSH connection to the host because tunneling piggybacks on an open SSH session.ĪWS servers we use two layers of credentials: AWS‘ keypairs as well as credential-only SSH logins (no password access). Amazon maintains good instructions for doing so. ![]() Step 1 is making sure you can log into the server. So long as you can log into an interactive shell via SSH on the remote server hosting the database you can tunnel connections to it, including PostgreSQL’s. The mechanics for tunneling (a/k/a port forwarding) seem complex but fortunately the implementation is not. That’s assuming he doesn’t just try and succeed with a typically obvious database login like ‘Tunneling is a common way to support lots of services on a Unix box without opening up a lot of vulnerable ports to the outside world. An interested hacker only needs to sniff the connection to get the login credentials, then he has complete access to the server as user postgresvia psql’s shell-out command, \!, where he can do lots of damage, including planting malware. How do you do this and still run in a secure environment? One thing you don’t do is poke a hole in AWS‘ firewall and run PostgreSQL’s port in the open. ![]() But developers typically work on local dev setups outside the host and occasionally need access to the main dev and staging databases located on AWS. AWS has become a fairly ubiquitous hosting option for small companies. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |