Snort mailing list archives
Re: OpenSSH question
From: Michael Boman <michael.boman () securecirt com>
Date: Sat, 23 Nov 2002 03:12:47 +0800
On Fri, Nov 22, 2002 at 12:54:35PM -0600, Frank Knobbe wrote:
On Fri, 2002-11-22 at 11:51, Skip Carter wrote:trying to log snort alerts to a remote mysql db via openssh. any ideas on the configuration?To port foward on a port over ssh, use something like the following from the IDS: ssh -L XXXX:dbserver.mydomain.com:XXXX dbserver.mydomain.com where XXXX is the mysql port number. then on the IDS connect to the database at XXXX on localhost. The disadavantage of doing it this way is that it requires you to login via ssh to the database server from the IDS. A more practical approach is to use stunnel (http://www.stunnel.org/ ) to provide the equiavlent without the ssh login session. The stunnel docs provide all the details.SSH will work fine if you use keys and no password authentication for login. That can be automated quite nicely and improves security. Configure the user account on the server so that you can not get a login shell, only accept a port redirection. Frank
Anyone tried password-less ssh keys? Works great for normal logins. Best regards Michael Boman -- Michael Boman Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd) http://www.securecirt.com
Attachment:
_bin
Description:
Current thread:
- OpenSSH question McIlwee, Mark A (Nov 21)
- Re: OpenSSH question Skip Carter (Nov 22)
- Re: OpenSSH question twig les (Nov 22)
- Re: OpenSSH question Frank Knobbe (Nov 22)
- Re: OpenSSH question Michael Boman (Nov 22)
- Re: OpenSSH question Gene (Nov 22)
- Re: OpenSSH question Skip Carter (Nov 22)