 | |
#1
 
| |||
| |||
|
Queries via ssh-tunnel -
08-25-2010
, 08:43 AM
#2
| |||
| |||
|
|
We’re looking for a way to work with an Informix 11.50 server which resides on a Linux Server in our DMZ. We have to update master data regularly. The programs and source data are in the LAN. Is possible to access the Informix Server in the DMZ via ssh-tunnel and how can we make it work. The ssh tunnel could be opened from an internal server through the firewalls to the Informix Server Host. Exactly what help do you need? |
man ssh
and/or
man stunnel
Or to put it another way - what is it about tunneling (this is not an
IDS question) that you need to know?
--
Clive
--
This message has been scanned for viruses and
dangerous content by OpenProtect(http://www.openprotect.com), and is
believed to be clean.
#3
| |||
| |||
|
|
From IDS point of view, the connection is LOCAL... this has serious authentication implications. And with recent IDS versions you nay need to |
Regards.
On Wed, Aug 25, 2010 at 2:43 PM, Habichtsberg, Reinhard <
RHabichtsberg (AT) arz-emmendingen (DOT) de> wrote:
Quote:
|
We’re looking for a way to work with an Informix 11.50 server which resides on a Linux Server in our DMZ. We have to update master data regularly. The programs and source data are in the LAN. Is possible to access the Informix Server in the DMZ via ssh-tunnel and how can we make it work. The ssh tunnel could be opened from an internal server through the firewalls to the Informix Server Host. Your help is much appreciated. Reinhard. _______________________________________________ Informix-list mailing list Informix-list (AT) iiug (DOT) org http://www.iiug.org/mailman/listinfo/informix-list |
--
Fernando Nunes
Portugal
http://informix-technology.blogspot.com
My email works... but I don't check it frequently...
#4
| |||
| |||
|
|
From IDS point of view, the connection is LOCAL... this has serious authentication implications. And with recent IDS versions you nay need to |
Regards.
On Wed, Aug 25, 2010 at 2:43 PM, Habichtsberg, Reinhard <
RHabichtsberg (AT) arz-emmendingen (DOT) de> wrote:
Quote:
|
We’re looking for a way to work with an Informix 11.50 server which resides on a Linux Server in our DMZ. We have to update master data regularly. The programs and source data are in the LAN. Is possible to access the Informix Server in the DMZ via ssh-tunnel and how can we make it work. The ssh tunnel could be opened from an internal server through the firewalls to the Informix Server Host. Your help is much appreciated. Reinhard. _______________________________________________ Informix-list mailing list Informix-list (AT) iiug (DOT) org http://www.iiug.org/mailman/listinfo/informix-list |
--
Fernando Nunes
Portugal
http://informix-technology.blogspot.com
My email works... but I don't check it frequently...
#5
| |||
| |||
|
|
From IDS point of view, the connection is LOCAL... this has serious authentication implications. And with recent IDS versions you nay need |
Regards.
On Wed, Aug 25, 2010 at 2:43 PM, Habichtsberg, Reinhard
<RHabichtsberg (AT) arz-emmendingen (DOT) de> wrote:
We're looking for a way to work with an Informix 11.50 server which
resides on a Linux Server in our DMZ. We have to update master data
regularly. The programs and source data are in the LAN. Is possible to
access the Informix Server in the DMZ via ssh-tunnel and how can we make
it work. The ssh tunnel could be opened from an internal server through
the firewalls to the Informix Server Host.
Your help is much appreciated.
Reinhard.
_______________________________________________
Informix-list mailing list
Informix-list (AT) iiug (DOT) org
http://www.iiug.org/mailman/listinfo/informix-list
--
Fernando Nunes
Portugal
http://informix-technology.blogspot.com
My email works... but I don't check it frequently...
#6
| |||
| |||
|
|
-----Original Message----- From: informix-list-bounces (AT) iiug (DOT) org [mailto:informix-list-bounces (AT) iiug (DOT) org] On Behalf Of Clive Eisen Sent: Wednesday, August 25, 2010 4:20 PM To: Habichtsberg, Reinhard; informix-list (AT) iiug (DOT) org Subject: Re: Queries via ssh-tunnel On 25/08/2010 14:43, Habichtsberg, Reinhard wrote: We're looking for a way to work with an Informix 11.50 server which resides on a Linux Server in our DMZ. We have to update master data regularly. The programs and source data are in the LAN. Is possible to access the Informix Server in the DMZ via ssh-tunnel and how can we make it work. The ssh tunnel could be opened from an internal server through the firewalls to the Informix Server Host. Exactly what help do you need? man ssh and/or man stunnel Or to put it another way - what is it about tunneling (this is not an IDS question) that you need to know? Thanks, Clive. |
I'm not very experienced with tunneling. The IDS question is: At the end
of tunnel I want an IDS port answering and accepting connections. Is
that possible? What about authentication? How does the connection string
look like? I assume the user who connects has to be a user on the host
where the IDS runs. Is it possible to use the .rhosts method and what
has to be entered in the .rhosts of the user?
TIA, Reinhard
#7
| |||
| |||
|
|
-----Original Message----- From: informix-list-bounces (AT) iiug (DOT) org [mailto:informix-list-bounces (AT) iiug (DOT) org] On Behalf Of Clive Eisen Sent: Wednesday, August 25, 2010 4:20 PM To: Habichtsberg, Reinhard; informix-list (AT) iiug (DOT) org Subject: Re: Queries via ssh-tunnel On 25/08/2010 14:43, Habichtsberg, Reinhard wrote: We're looking for a way to work with an Informix 11.50 server which resides on a Linux Server in our DMZ. We have to update master data regularly. The programs and source data are in the LAN. Is possible to access the Informix Server in the DMZ via ssh-tunnel and how can we make it work. The ssh tunnel could be opened from an internal server through the firewalls to the Informix Server Host. Exactly what help do you need? man ssh and/or man stunnel Or to put it another way - what is it about tunneling (this is not an IDS question) that you need to know? Thanks, Clive. I'm not very experienced with tunneling. The IDS question is: At the end of tunnel I want an IDS port answering and accepting connections. Is that possible? What about authentication? How does the connection string look like? I assume the user who connects has to be a user on the host where the IDS runs. Is it possible to use the .rhosts method and what has to be entered in the .rhosts of the user? It's fairly simple |
A process (be it ssh or stunnel ) listens on a network interface
(usually localhost) on a given port on machine A
and transports the data (over ssh) to a destination port on machine B
so if A is your client
B is your server
and 9088 is the port your sqlexec is on
you could on machine A do
ssh -L9088:192.168.0.1:9088 someuser@B
where 192.168.0.1 is the IP address on B that IDS is listening on
then on the client you connect to 127.0.0.1:9088 with your application
As far as IDS is concerned the user IS ON B - it knows nothing about A
You cannot use .rhosts - for ssh you could use ssh keys for someuser
Note that someuse is used for setting up the ssh - it need not be the
user that you are going to connect to IDS with.
If you need to set up the ssh from B to A use -R instead of -L
Or use stunnel
HTH
--
Clive
Quote:
|
TIA, Reinhard _______________________________________________ Informix-list mailing list Informix-list (AT) iiug (DOT) org http://www.iiug.org/mailman/listinfo/informix-list |
--
This message has been scanned for viruses and
dangerous content by OpenProtect(http://www.openprotect.com), and is
believed to be clean.
 |
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.