Thanks for sharing!

2009/8/15 Maximiliano Guzman <[email protected]>
> +1 Nice article. Thanks
>
> On Fri, Aug 14, 2009 at 12:05 PM, Alpha Blue <[email protected]> wrote:
>
>> ================================
>> SSH Magic and Rails Development
>> ================================
>> (i) Security:
>>
>> Security is the most important piece when working with sandbox or
>> production platforms on your server. I've learned this the hard way
>> actually when approx. 3 years ago, someone hacked my PHP site by going
>> through phpmyadmin remotely and adding a special admin account to
>> vbulletin where they set up and staged a phishing site from my very own
>> server.
>>
>> When I posed the question a few days ago of what to use to administrate
>> your database, I was reminded of the fact that all remote utilities that
>> access your site, if not properly secured, can make your sandbox and
>> production environments very vulnerable.
>>
>> SSH:
>>
>> SSH is one of the few local utilities you can use that, when properly
>> configured, is incredibly safe to administrate your site, and in a few
>> moments, I'll even show you how you can develop with it.
>>
>> How is SSH safe?
>>
>> First, you can set up what port you want to connect from and exclude all
>> other connecting ports. So, if you set up your port on say, and this is
>> just an example, 24000, someone would have to know the port even to use
>> SSH.
>>
>> Secondly, you can add SSL certificates private/public to further limit
>> the connectivity to your site via SSH. This means that a person wanting
>> to connect with SSH will not only have to know the port, the username,
>> the password, they would also have to have key paired certificates on
>> their machine that matched what was on your remote server.
>>
>> SSH Tunneling
>>
>> Tunneling from a secure SSH connection is much safer than accessing a
>> remote browser and working with your site. Tunneling has various uses,
>> especially if you want to connect and administrate your database.
>>
>> Windows and Putty
>>
>> I work from a windows environment but I know that most of you already
>> know what SSH is and how to access whatever tool you wish to use to do
>> it with. I like to use Putty when connecting securely through SSH on
>> both my sandbox/production platforms.
>>
>> Here are the steps to enable tunneling:
>>
>> 1. Open putty, select your saved session and click Load.
>> 2. In the far left panel, under Connection, expand the section for
>> SSH.
>> 3. Click Tunnels.
>> 4. In the source port type 3306 (or whatever port your db is using)
>> 5. In the destination type 127.0.0.1:3306
>> 6. Click ADD.
>>
>> You will see L3306 127.0.0.1:3306, or something similar listed.
>>
>> 7. Click Sessions in the left hand panel.
>> 8. Save your session so it includes tunnels.
>> 9. That's it. Tunnels are now usable with putty.
>>
>> Administrating Your Database using SSH
>>
>> There are actually a few ways to do this. Once you have putty open,
>> launched, and connected to your server, a tunnel is open between you and
>> your server securely. You can open any local database administration
>> tool on your machine and if you enter in localhost port 3306 and type in
>> your database credentials, it will automatically connect through the
>> tunnel to your database.
>>
>> What tools can you use locally to do this with?
>>
>> 1. MySQL Query Browser (if using mysql)
>> 2. PG Admin (if using postgres)
>> 3. PHPMyAdmin (if using wamp locally)
>>
>> Wait a second, did I just see you put up phpmyadmin? I thought you said
>> it was unsecure?
>>
>> Well, not if you are using it locally. My local computer has the
>> security equivalent of Fort Knox. I'm not using a remote version of
>> phpmyadmin. I'm using a local version of phpmyadmin with WAMP and have
>> no external broadcasting enabled. In order for someone to access a
>> local phpmyadmin on my machine, they would have to be able to connect to
>> my machine.
>>
>> So, secure SSH and tunneling has allowed me to administrate the server
>> through an SSH console and also to administrate my database using any of
>> my favorite local utilities. What else can it allow?
>>
>> Rails Development on Sandbox
>>
>> I use netbeans 6.7 (great features and works tremendously well when you
>> have a windows box - it works well with linux too).
>>
>> If I open up netbeans, because the SSH tunnel is open, when I start the
>> server for development, it will contact and utilize the development
>> database on the server my tunnel is open to. So, if you have a sandbox
>> server for testing and you secure SSH tunnel to it, you can open up your
>> favorite development utility and connect straight to the development
>> database there.
>>
>> Summary
>>
>> SSH is fantastic. Use it. Learn about it. Secure it. When properly
>> configured, you can do a lot more things than you realize.
>> --
>> Posted via http://www.ruby-forum.com/.
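
Added example, not part of the original post or thread: a Ruby check of the server-side settings that the tunnel setup described above depends on (custom SSH port, key-pair login, forwarding allowed, database bound to loopback so it is reachable only through the tunnel). The sample sshd_config and my.cnf text is constructed and the function names are hypothetical; it assumes OpenSSH and MySQL and does not handle sshd `Match` blocks.

```ruby
# Constructed sample configs (not taken from the original post).
SSHD_SAMPLE = <<~CONF
  Port 24000
  PubkeyAuthentication yes
  AllowTcpForwarding yes
CONF

MYCNF_SAMPLE = <<~CONF
  [client]
  port = 3306
  [mysqld]
  port = 3306
  bind_address = 0.0.0.0
CONF

# sshd_config keywords are case-insensitive; keep the first value seen.
def parse_sshd(text)
  text.each_line.with_object({}) do |line, opts|
    key, value = line.sub(/#.*/, '').strip.split(/[\s=]+/, 2)
    opts[key.downcase] ||= value.strip if key && value
  end
end

# my.cnf: read only the [mysqld] section; '-' and '_' are interchangeable.
def parse_mysqld(text)
  section = nil
  text.each_line.with_object({}) do |line, opts|
    line = line.sub(/#.*/, '').strip
    if line =~ /\A\[(.+)\]\z/
      section = $1.downcase
    elsif section == 'mysqld' && !line.empty?
      key, value = line.split(/\s*=\s*/, 2)
      opts[key.tr('_', '-').downcase] = value.to_s
    end
  end
end

LOOPBACK = %w[127.0.0.1 ::1 localhost].freeze

# Returns a list of findings; an empty list means the setup matches the post.
def audit(sshd_text, mycnf_text)
  sshd = parse_sshd(sshd_text)
  bind = parse_mysqld(mycnf_text).fetch('bind-address', '*') # unset: assumed all interfaces
  findings = []
  findings << 'sshd: still on default port 22' if sshd.fetch('port', '22') == '22'
  findings << 'sshd: key-pair login is disabled' if sshd.fetch('pubkeyauthentication', 'yes') == 'no'
  findings << 'sshd: AllowTcpForwarding no blocks the tunnel' if sshd.fetch('allowtcpforwarding', 'yes') == 'no'
  findings << "mysqld: bind-address #{bind} is reachable without the tunnel" unless LOOPBACK.include?(bind)
  findings
end

puts audit(SSHD_SAMPLE, MYCNF_SAMPLE)
```

With `bind-address = 127.0.0.1` in the `[mysqld]` section the audit returns no findings, and the PuTTY forward `L3306 127.0.0.1:3306` becomes the only network path to the database.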

