| Lists: | pgsql-bugs |
|---|
| From: | "Faheem Mitha" <faheem(at)email(dot)unc(dot)edu> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #3968: ssh tunnel instructions could use improvement |
| Date: | 2008-02-18 22:03:21 |
| Message-ID: | 200802182203.m1IM3LLK050546@wwwmaster.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-bugs |
The following bug has been logged online:
Bug reference: 3968
Logged by: Faheem Mitha
Email address: faheem(at)email(dot)unc(dot)edu
PostgreSQL version: 8.1.11
Operating system: Debian etch
Description: ssh tunnel instructions could use improvement
Details:
Hi,
Currently http://www.postgresql.org/docs/8.3/static/ssh-tunnels.html
has instructions that say to set up a local port forward
to do
ssh -L 333ssh -L 3333:foo.com:5432 joe(at)foo(dot)com
I think this should be changed to
ssh -L 3333:localhost:5432 joe(at)foo(dot)com
The reason is that this assumes the postgres server on foo.com allows
connections from foo.com, since trying to connect to port 3333 on the local
machine using the instructions given in the docs, will attempt to initiate a
connection to the postgres server, which will appear to it to be coming from
foo.com.
However, it appears more likely, and is the Debian default, that the server
only allows connections on localhost. This is a major source of potential
confusion for people not familar with port forwarding.
Also, I'd suggest mentioning that you can put other
addresses in place of localhost, but that the database needs to give
permission to connect from those addresses, and in particular for
ssh -L 3333:localhost:5432 joe(at)foo(dot)com
psql -h localhost -p 3333 postgres
to work, the database needs to allow a TCP/IP connection from localhost.
This seems a pretty standard default, though.
Faheem.
| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Cc: | "Faheem Mitha" <faheem(at)email(dot)unc(dot)edu> |
| Subject: | Re: BUG #3968: ssh tunnel instructions could use improvement |
| Date: | 2008-02-26 16:07:26 |
| Message-ID: | 200802261707.27306.peter_e@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-bugs |
Am Montag, 18. Februar 2008 schrieb Faheem Mitha:
> ssh -L 333ssh -L 3333:foo.com:5432 joe(at)foo(dot)com
>
> I think this should be changed to
>
> ssh -L 3333:localhost:5432 joe(at)foo(dot)com
Good point. Please see the updated version at
http://developer.postgresql.org/pgdocs/postgres/ssh-tunnels.html in a few
minutes.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
| From: | Faheem Mitha <faheem(at)email(dot)unc(dot)edu> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #3968: ssh tunnel instructions could use improvement |
| Date: | 2008-02-26 16:47:22 |
| Message-ID: | Pine.LNX.4.64.0802261140260.13355@orwell.homelinux.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-bugs |
On Tue, 26 Feb 2008, Peter Eisentraut wrote:
> Am Montag, 18. Februar 2008 schrieb Faheem Mitha:
>> ssh -L 333ssh -L 3333:foo.com:5432 joe(at)foo(dot)com
>>
>> I think this should be changed to
>>
>> ssh -L 3333:localhost:5432 joe(at)foo(dot)com
>
> Good point. Please see the updated version at
> http://developer.postgresql.org/pgdocs/postgres/ssh-tunnels.html in a few
> minutes.
>
> --
> Peter Eisentraut
> http://developer.postgresql.org/~petere/
Hi Peter,
Thanks for agreeing to the change. Your improvements to the page look
good.
At the end, you might want to point out that in the line
ssh -L 63333:db.foo.com:5432 joe(at)shell(dot)foo(dot)com
the connection from shell.foo.com to db.foo.com will not be encrypted by
the ssh tunnel, at least according to the documentation I've read.
Take care, Faheem.
| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Faheem Mitha <faheem(at)email(dot)unc(dot)edu> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #3968: ssh tunnel instructions could use improvement |
| Date: | 2008-02-26 18:01:51 |
| Message-ID: | 200802261901.51767.peter_e@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-bugs |
Am Dienstag, 26. Februar 2008 schrieb Faheem Mitha:
> At the end, you might want to point out that in the line
>
> ssh -L 63333:db.foo.com:5432 joe(at)shell(dot)foo(dot)com
>
> the connection from shell.foo.com to db.foo.com will not be encrypted by
> the ssh tunnel, at least according to the documentation I've read.
Good point. Added.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/