Pete Finnigan's Oracle Security Forum
        (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
      

        Oracle Security >> Oracle Security >> Tunneling Sqlnet through ssh
        
(Message started by: Pete Finnigan on Feb 1st, 2006, 11:52am)
Title: Tunneling Sqlnet through ssh
Post by Pete Finnigan on Feb 1st, 2006, 11:52am
Hello everyone, first subject for me here so be kind ;)

I tunnel my sql through ssh to encrypt the network traffic for test purposes (right now).

I.e
at client/app server i start an ssh connection to the dbserver using
ssh -L 9999:foo.com:1526 foo.com -l serveruser

also i alter the tnsnames.ora at the client/app server
to use:

DATABASE.TEST.FOO.COM =
 (DESCRIPTION =
   (ADDRESS_LIST =
     (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 9999))
   )
   (CONNECT_DATA =
     (SID = database)
     (SERVER = DEDICATED)
   )
 )

now i can connect to the database using sqlplus@database.test.foo.com and the network traffic will be encrypted by the ssh at the client side and decrypted again by ssh at the serverside.

Any flaws with this approach?
Title: Re: Tunneling Sqlnet through ssh
Post by Pete Finnigan on Feb 1st, 2006, 8:23pm
Hi Morgan

You might find it useful to look at two papers on my [url http;//www.peetefinnigan.com/orasec.htm]Oracle white papers page[/url] that talk about ssh and Oracle, one covers exactly what you need. search on the page for ssh with CTRL-F and you will find them. One by Roger and the other by Jared

cheers

Pete


Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board