+1 Nice article. Thanks

On Fri, Aug 14, 2009 at 12:05 PM, Alpha Blue <[email protected]> wrote:
>
> ================================
> SSH Magic and Rails Development
> ================================
> (i) Security:
>
> Security is the most important piece when working with sandbox or
> production platforms on your server. I've learned this the hard way
> actually when approx. 3 years ago, someone hacked my PHP site by going
> through phpmyadmin remotely and adding a special admin account to
> vbulletin where they set up and staged a phishing site from my very own
> server.
>
> When I posed the question a few days ago of what to use to administrate
> your database, I was reminded of the fact that all remote utilities that
> access your site, if not properly secured, can make your sandbox and
> production environments very vulnerable.
>
> SSH:
>
> SSH is one of the few local utilities you can use that, when properly
> configured, is incredibly safe to administrate your site, and in a few
> moments, I'll even show you how you can develop with it.
>
> How is SSH safe?
>
> First, you can set up what port you want to connect from and exclude all
> other connecting ports. So, if you set up your port on say, and this is
> just an example, 24000, someone would have to know the port even to use
> SSH.
>
> Secondly, you can add SSL certificates private/public to further limit
> the connectivity to your site via SSH. This means that a person wanting
> to connect with SSH will not only have to know the port, the username,
> the password, they would also have to have key paired certificates on
> their machine that matched what was on your remote server.
>
> SSH Tunneling
>
> Tunneling from a secure SSH connection is much safer than accessing a
> remote browser and working with your site. Tunneling has various uses,
> especially if you want to connect and administrate your database.
>
> Windows and Putty
>
> I work from a Windows environment but I know that most of you already
> know what SSH is and how to access whatever tool you wish to use to do
> it with. I like to use Putty when connecting securely through SSH on
> both my sandbox/production platforms.
>
> Here are the steps to enable tunneling:
>
> 1. Open putty, select your saved session and click Load.
> 2. In the far left panel, under Connection, expand the section for
> SSH.
> 3. Click Tunnels.
> 4. In the source port type 3306 (or whatever port your db is using)
> 5. In the destination type 127.0.0.1:3306
> 6. Click ADD.
>
> You will see L3306 127.0.0.1:3306, or something similar listed.
>
> 7. Click Sessions in the left hand panel.
> 8. Save your session so it includes tunnels.
> 9. That's it. Tunnels are now usable with putty.
>
> Administrating Your Database using SSH
>
> There are actually a few ways to do this. Once you have putty open,
> launched, and connected to your server, a tunnel is open between you and
> your server securely. You can open any local database administration
> tool on your machine and if you enter in localhost port 3306 and type in
> your database credentials, it will automatically connect through the
> tunnel to your database.
>
> What tools can you use locally to do this with?
>
> 1. MySQL Query Browser (if using mysql)
> 2. PG Admin (if using postgres)
> 3. PHPMyAdmin (if using wamp locally)
>
> Wait a second, did I just see you put up phpmyadmin? I thought you said
> it was unsecure?
>
> Well, not if you are using it locally. My local computer has the
> security equivalent of Fort Knox. I'm not using a remote version of
> phpmyadmin. I'm using a local version of phpmyadmin with WAMP and have
> no external broadcasting enabled. In order for someone to access a
> local phpmyadmin on my machine, they would have to be able to connect to
> my machine.
>
> So, secure SSH and tunneling has allowed me to administrate the server
> through an SSH console and also to administrate my database using any of
> my favorite local utilities. What else can it allow?
>
> Rails Development on Sandbox
>
> I use netbeans 6.7 (great features and works tremendously well when you
> have a Windows box - it works well with Linux too).
>
> If I open up netbeans, because the SSH tunnel is open, when I start the
> server for development, it will contact and utilize the development
> database on the server my tunnel is open to. So, if you have a sandbox
> server for testing and you secure SSH tunnel to it, you can open up your
> favorite development utility and connect straight to the development
> database there.
>
> Summary
>
> SSH is fantastic. Use it. Learn about it. Secure it. When properly
> configured, you can do a lot more things than you realize.
> --
> Posted via http://www.ruby-forum.com/.
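
The two SSH controls the quoted post relies on (a non-default port, and a key pair that is actually required rather than merely offered) can be checked against a server's sshd_config. This is an added example, not part of the original post or the reply; the sample configs are constructed, and it assumes upstream OpenSSH defaults and evaluates only the global section (no Include or Match handling).

```ruby
# Added example (not from the original post): audit the global section of an
# sshd_config for the two controls the post relies on. Assumes upstream
# OpenSSH defaults; Include files and Match blocks are not evaluated.
DEFAULTS = {
  "port" => "22",
  "passwordauthentication" => "yes",
  "pubkeyauthentication" => "yes",
  "kbdinteractiveauthentication" => "yes",
  "authenticationmethods" => "any"
}.freeze

def effective_settings(config_text)
  seen = {}
  config_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    key, value = line.split(/[\s=]+/, 2)
    key = key.downcase                           # keywords are case-insensitive
    break if key == "match"                      # global section only
    key = "kbdinteractiveauthentication" if key == "challengeresponseauthentication"
    # sshd keeps the first value it reads (Port may repeat; only the first is checked)
    seen[key] ||= value.to_s.strip.downcase
  end
  DEFAULTS.merge(seen.slice(*DEFAULTS.keys))
end

# True when no login can succeed without the client's private key.
def key_required?(s)
  methods = s["authenticationmethods"]
  unless methods == "any"
    # Space-separated lists are alternatives; each must include publickey.
    return methods.split.all? { |l| l.split(",").any? { |m| m.start_with?("publickey") } }
  end
  s["pubkeyauthentication"] == "yes" &&
    s["passwordauthentication"] == "no" &&
    s["kbdinteractiveauthentication"] == "no"
end

def audit(config_text)
  s = effective_settings(config_text)
  findings = []
  findings << "sshd listens on the default port 22" if s["port"] == "22"
  findings << "login is possible without the key pair" unless key_required?(s)
  findings
end

# Constructed samples: key pair merely offered vs. key pair AND password required.
WEAK = "Port 24000\nPubkeyAuthentication yes\nPasswordAuthentication yes\n"
BOTH = "Port 24000\nAuthenticationMethods publickey,password\n"

puts audit(WEAK).inspect
puts audit(BOTH).inspect
```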

