Well, as far as I know you need to have sshd (or an equivalent) running
on the receiving end. Then, on your server you call up a command like
so:
ssh -f -2 -N -L {source-port}:{end-address}:{end-port}
{sshd-server-address} -l {login}
This command causes ssh to create a secure tunnel that goes from
source-port on your server to end-address:end-port through the ssh
server {sshd-server-address}. Clearly, {sshd-server-address} and
{end-address} can be the same computer, but not necessarily--as long as
there is a direct route between the two and you can consider that route
secure.
Once you've established the connection, you can connect to your local
box on the {source-port}, and your data will be transparently (and
securely) redirected to the new box.
For example:
ssh -N -2 -f -L 3307:my.mysql.box:3306 my.mysql.box -l mysql_user
creates a secure tunnel for connecting to a remote MySQL server
securely. After you've established the connection, you can use
127.0.0.1:3307 on your local box to connect to MySQL and your data will
be transported securly to the other computer.
Hope this helps... a more complete (and probably more accurate)
explanation would take a long time, but if you look around on the Net
you should find plenty of resources.
Cheers,
Marco
--
------------
php|architect - The magazine for PHP Professionals
The first monthly worldwide magazine dedicated to PHP programmers
Come visit us at http://www.phparch.com!
--- Begin Message ---
Marco,
Would you have any examples for using an SSH tunnel? I'm using fsockopen
to get data from proprietary server software (just returns data to me in
different formats) and I would like to have it secure. I'm just not sure
how I could incorporate that.
Thanks,
Bryan
On 26 Nov 2002, Marco Tabini wrote:
|Rich,
|
|Why don't you create an ssh tunnel between your two boxes and then
|perform you ftp connection through there? This way, the connection would
|be secure and you could impersonate whichever user you need to.
|
|There is also a secure version of ftp, but I don't think that it can be
|instantiated directly from PHP, and you would therefore have to run it
|from a shell, which would give the same problems you have with ssh now.
|
|
|Marco
|
|
--- End Message ---
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
