LinuXelite
Programmer
Hello
I need to encrypt a connection to a MySQL server. The server runs Linux and the client is multi-platform. So I use a tunnel. I have two solutions:
- Stunnel
- SSH port forwarding
stunnel requires OpenSSL and a manual configuration from the client. I don't want that.
SSH port forwarding works because I call plink.exe from a cmdshell and it's transparent for the user.
However, here is my problem:
I have a dummy account on the Linux server with no shell access.
SSH encrypt mysql connection
If a user decides to "hack" the software and change this:
ssh -f -L 1234:foobar:3306 foobar.com sleep 30
to this
ssh -f -L 1234:localhost:25 foobar.com sleep 30
The user can use my SMTP server to avoid my firewall and send spam mail from my server.
I need a policy to limit SSHD port forwarding.
I can't find anything on Google or in the man pages. Am I wrong, or is this not a good solution for a public tunnel?
I'm open to another solution. I use Delphi/Kylix as a main programming language and SSH is the most convenient way to do this (except for the security concern).
Frank,
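
The restriction asked for above can be expressed in OpenSSH server configuration. This is an added example, not part of the original post; the account name `tunnel` and the key material are placeholders, and it assumes an OpenSSH server recent enough to support `Match`, `PermitOpen` and `AllowTcpForwarding local`.

```conf
# /etc/ssh/sshd_config (fragment)
# Applies only to the dummy tunnel account; "tunnel" is a hypothetical name.
Match User tunnel
    # Allow client-to-server (-L) forwards only; no remote (-R) forwards.
    AllowTcpForwarding local
    # The only destination a forward may open. The host is compared with
    # what the client asked for, so it must match the string in
    #   ssh -L 1234:foobar:3306 ...
    # A request for localhost:25 is refused by the server.
    PermitOpen foobar:3306
    # Nothing else the account could use to reach other services.
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    GatewayPorts no
    PermitTTY no

# Weak setting for comparison (what the post describes): with no PermitOpen
# line the default is "any", so the client chooses the destination:
#   Match User tunnel
#       AllowTcpForwarding yes

# Per-key alternative in ~tunnel/.ssh/authorized_keys, one line per key.
# The key below is a placeholder, not a real key.
#   no-pty,no-X11-forwarding,no-agent-forwarding,permitopen="foobar:3306" ssh-rsa AAAA...placeholder... client-key
```

Check the file with `sshd -t` before reloading the daemon, then confirm from a client that a forward to `localhost:25` is rejected while the forward to `foobar:3306` still works.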