Snort mailing list archives
Re: OpenSSH question
From: Gene <gyoo () attbi com>
Date: Fri, 22 Nov 2002 11:03:55 -0800
something like ssh --keygen, and stored the key file on the server... Frank Knobbe wrote:
On Fri, 2002-11-22 at 11:51, Skip Carter wrote:trying to log snort alerts to a remote mysql db via openssh. any ideas on the configuration?To port foward on a port over ssh, use something like the following from the IDS:ssh -L XXXX:dbserver.mydomain.com:XXXX dbserver.mydomain.com where XXXX is the mysql port number. then on the IDS connect to the database at XXXX on localhost.The disadavantage of doing it this way is that it requires you to login via ssh to the database server fromthe IDS. A more practical approach is to use stunnel (http://www.stunnel.org/ ) to provide the equiavlent without the ssh login session. The stunnel docs provide all the details.SSH will work fine if you use keys and no password authentication for login. That can be automated quite nicely and improves security. Configure the user account on the server so that you can not get a login shell, only accept a port redirection. Frank
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- OpenSSH question McIlwee, Mark A (Nov 21)
- Re: OpenSSH question Skip Carter (Nov 22)
- Re: OpenSSH question twig les (Nov 22)
- Re: OpenSSH question Frank Knobbe (Nov 22)
- Re: OpenSSH question Michael Boman (Nov 22)
- Re: OpenSSH question Gene (Nov 22)
- Re: OpenSSH question Skip Carter (Nov 22)