Tunneling Protocols

Tunnel postgres from local machine to server (most common)

ssh -p 22 -L 443:10.x.x.99:443 foo@example.com

curl -kL https://127.0.0.1

ssh -L 1111:localhost:5432 user@remote.example.com

psql -h localhost -p 1111 -U your-db-username database-name

-g option allows remote hosts to connect to local forwarded ports

https://stackoverflow.com/questions/16835761/postgresql-via-ssh-tunnel

Tunneling is nice when using tools like https://www.sqlmanager.net/en/products/postgresql/manager or https://www.dbvis.com/ which are convenient for complex datastores.

Remote Forwarding Tunnel is another option to look at but if you have ssh access/perms to server the above is usually what you will do

Cheat Sheet

http://www.cheat-sheets.org/saved-copy/OpenSSH_quickref.pdf

ssh server - https://www.thegeekdiary.com/centos-rhel-how-to-set-up-sftp-to-chroot-jail-only-for-specific-group/

sshfs

sshfs mytest@127.0.0.1: /home/mytest/mnt -o follow_symlinks
fusermount -u mnt

SFTP

SFTP

• Logging commands https://access.redhat.com/articles/1374633
• Use Auditd for even more information
• https://unix.stackexchange.com/questions/147676/chrooted-sftp-user-write-permissions

Securing sshd

• https://raymii.org/s/tutorials/Limit_access_to_openssh_features_with_the_Match_keyword.html

Bandwidth

• https://serverfault.com/questions/394334/is-there-any-way-to-track-ssh-traffic-bandwidth-usage-per-user-basis