port forwarding Net8 connections with openssh [message #67137]
Wed, 26 November 2003 09:01
John Clarke
I'm guessing this question has been answered before, but here goes anyway ...
I want to encrypt all Net8 traffic between my application servers and the database server by port forwarding using ssh. I'm running openssh on HP-UX.
My DB tier is called, say, db.whatever.com. My application server is app.whatever.com. The listener is listening on port 1521 on db.whatever.com.
From app.whatever.com, as the owner of the Oracle client software, I can open an ssh tunnel by doing ...
ssh -L 9921:db.whatever.com:1521 db.whatever.com
This prompts me for the password over on db.whatever.com, and after entering it, logs me in.
In app.whatever.com's tnsnames.ora, I've changed the host to app.whatever.com and the port to 9921, for the service in question.
From this point forth, all Net8 traffic destined to the local port 9921 is forwarded to 1521 on db.whatever.com and things work nicely.
Here's my question - when I disconnect the initial session that opened the tunnel, it obviously closes and connections are dropped/prevented. I want to know how to make that tunnel persistent.
Can I do it by putting LocalForward line(s) in /opt/openssh/etc/ssh_config, or do I need to manage this from sshd_config on the db server side of things?
Thanks in advance.
Re: port forwarding Net8 connections with openssh [message #67141 is a reply to message #67137]
Wed, 03 December 2003 15:33
John Clarke
In case anyone's wondering ...
1) From client, do
ssh-keygen -t dsa
2) Transfer the file (via scp, rcp, whatever) to the server and append to ~/.ssh/authorized_keys
3) Establish tunnel w/
ssh -2 -N -T -L (local port):(DB host):(listener port) (DB host) -f
Works pretty well.
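
Added example, not part of the original posts: the tunnel from the reply above written as an ssh_config stanza with LocalForward, an authorized_keys line that limits the tunnel key to forwarding to the listener, and a loop that restarts ssh when it exits. The alias oradb, the key and config file paths, and the loopback bind address are assumptions; with that bind address, tnsnames.ora would point at 127.0.0.1 and port 9921.

```shell
#!/bin/sh
# Added example (not from the thread). Alias, paths and the loopback bind
# address are assumptions; host names and ports are the thread's placeholders.

# Print an ssh_config stanza equivalent to
#   ssh -N -T -L <lport>:<dbhost>:<rport> <dbhost>
# $1 alias, $2 DB host, $3 local port, $4 listener port, $5 private key file
tunnel_stanza() {
    cat <<EOF
Host $1
    HostName $2
    IdentityFile $5
    IdentitiesOnly yes
    BatchMode yes
    RequestTTY no
    LocalForward 127.0.0.1:$3 $2:$4
    ExitOnForwardFailure yes
    ServerAliveInterval 30
    ServerAliveCountMax 3
EOF
}

# Print an authorized_keys line for the DB server that lets this key open
# only the listener forward: no shell, no pty, no agent or X11 forwarding.
# $1 DB host, $2 listener port, $3 public key text
restricted_key() {
    printf 'permitopen="%s:%s",no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/false" %s\n' "$1" "$2" "$3"
}

# Re-open the tunnel whenever ssh exits (network drop, sshd restart).
# BatchMode makes a missing key fail fast instead of waiting at a prompt.
# $1 alias, $2 config file. Runs until killed.
keep_tunnel() {
    while :; do
        ssh -F "$2" -N "$1"
        echo "tunnel $1 exited with status $?; retrying in 10s" >&2
        sleep 10
    done
}

# Hypothetical usage: sh tunnel.sh run
if [ "${1:-}" = "run" ]; then
    cfg="$HOME/.ssh/tunnel_config"
    tunnel_stanza oradb db.whatever.com 9921 1521 "$HOME/.ssh/id_tunnel" > "$cfg"
    keep_tunnel oradb "$cfg"
fi
```

Because the restricted key is used with -N, no session is requested and the forced /bin/false command never runs; the key can only carry the forward to the listener.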