Snort mailing list archives

Re: OpenSSH question


From: Michael Boman <michael.boman () securecirt com>
Date: Sat, 23 Nov 2002 03:12:47 +0800

On Fri, Nov 22, 2002 at 12:54:35PM -0600, Frank Knobbe wrote:
On Fri, 2002-11-22 at 11:51, Skip Carter wrote:
trying to log snort alerts to a remote mysql db via openssh.  any ideas on
the configuration?

To port forward on a port over ssh, use something like the following from the
IDS:

 ssh -L XXXX:dbserver.mydomain.com:XXXX dbserver.mydomain.com

where XXXX is the mysql port number.

then on the IDS connect to the database at XXXX on localhost.


The disadvantage of doing it this way is that it requires you to login via
ssh to the database server from the IDS.  A more practical approach is to use
stunnel (http://www.stunnel.org/) to provide the equivalent without the ssh
login session.  The stunnel docs provide all the details.


SSH will work fine if you use keys and no password authentication for
login. That can be automated quite nicely and improves security.
Configure the user account on the server so that you can not get a login
shell, only accept a port redirection.

Frank


Anyone tried password-less ssh keys? Works great for normal logins.

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
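The setup Frank describes above (key-only login, an account that gets no shell and may only open the MySQL port forward) as an added example; it is not code from the thread or from the Snort project. It assumes a dedicated account named snorttunnel on the database server, a client key at /etc/snort/tunnel_key on the IDS, and an OpenSSH new enough to understand the `restrict` authorized_keys option; the key material and the MySQL port 3306 are constructed sample values.

```shell
#!/bin/sh
# Tunnel-only SSH account for shipping Snort alerts to a remote MySQL server.
# Constructed example: names, paths and key material are assumptions.

DB_PORT=3306                    # MySQL port (the XXXX in the thread)
DB_HOST=dbserver.mydomain.com
TUNNEL_USER=snorttunnel         # hypothetical dedicated account on the DB server
KEY_FILE=/etc/snort/tunnel_key  # hypothetical private key path on the IDS

# Server side: the authorized_keys line for the tunnel account.
#  - restrict       turns off pty, agent, X11, user-rc and all forwarding
#  - port-forwarding re-enables only TCP forwarding
#  - permitopen     limits the forward to the local MySQL port
#  - command=       anything that does request a session just runs /bin/false
restricted_key_entry() {
    # $1 = public key material, e.g. "ssh-ed25519 AAAA... snort@ids"
    printf 'restrict,port-forwarding,permitopen="127.0.0.1:%s",command="/bin/false" %s\n' \
        "$DB_PORT" "$1"
}

# Defender's check: return 0 if every key in an authorized_keys file carries
# the restrict + permitopen options, 1 otherwise (offending lines go to stderr).
# Looks only at the options field (first token), so a bare "ssh-rsa ..." fails.
audit_authorized_keys() {
    rc=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        opts=${line%% *}
        case "$opts" in
            *restrict*permitopen=*) ;;
            *) printf 'unrestricted key: %s\n' "$line" >&2; rc=1 ;;
        esac
    done < "$1"
    return $rc
}

# Client side on the IDS: key-only (BatchMode), no remote command (-N),
# background (-f), exit instead of running without the forward, and bind the
# local end to the IDS loopback only. Snort then connects to 127.0.0.1:3306.
tunnel_command() {
    printf 'ssh -N -f -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -i %s -L 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "$KEY_FILE" "$DB_PORT" "$DB_PORT" "$TUNNEL_USER" "$DB_HOST"
}

# Show both halves of the configuration (constructed key material).
restricted_key_entry "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUMMYKEYMATERIAL snort@ids"
tunnel_command
```

The function only prints the ssh command so it can be reviewed; run its output on the IDS once the key is in place.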
