You can use ssh to encrypt the network
connection between clients and a
PostgreSQL server.
Done properly, this
should lead to an adequately secure network connection.
First make sure that an ssh server is
running properly on the same machine as
PostgreSQL and that you can log in using
ssh as some user.
You can than establish a secure tunnel from the client machine with a
command such as:
The first number in the
-L argument, 3333, is the
port number of your end of the tunnel; it can be chosen freely.
The second number, 5432, is the remote end of the tunnel -- the port
number your backend is using.
The name or the address in between
the port numbers is the host with the database server you are going
to connect to.
In order to connect to the database server using
this tunnel, you connect to port 3333 on the local machine:
psql -h localhost -p 3333 template1 |
To the database server it will then look as though you are really
user
[email protected] and it will use whatever
authentication procedure was set up for this user.
In order for the
tunnel setup to succeed you must be allowed to connect via ssh as
[email protected], just as if you had attempted to use ssh to set up a
terminal session.