Secure Postgres access
Larry Bates
larry.bates at websafe.com
Wed Sep 6 14:23:44 EDT 2006
Reid Priedhorsky wrote:
> Hi folks,
>
> I would like to access a remote Postgres server from a Python program in a
> secure way. Postgres doesn't currently listen to the Internet for
> connections, and I'd prefer to keep it that way.
>
> I know how to forward ports using SSH, but I don't like doing this because
> then anyone who knows the port number can connect to Postgres over the
> same tunnel. (I'm not the only user on the client machine.)
>
> What I envision is something like wrapping an SSH connection which then
> opens psql once connected, but I'm not too picky.
>
> Both Postgres and the Python program are running on Linux.
>
> Any ideas?
>
> Thanks very much for any help.
>
> Reid
Use port forwarding over SSH and use only pubkey authorization so that
you put their pubkey in authorized_keys on the server for SSH connection.
Put something like 'LocalForward 3308 databaseserver:3308' in your ssh
client config file (I don't know if you are using putty or cygwin) and
then point the Python program to localhost:3308 This then gets redirected
to proper port on the remote machine. Works great and the traffic is
encrypted and I know who the user is because they can't connect until
they give me their pubkey and I put on the server and they must have
their private key AND passphrase to establish the SSH connection.
I use this to run pgAdmin III remotely through a firewall to my
database server.
-Larry Bates
More information about the Python-list
mailing list