Post #94,140
4/3/03 5:10:05 PM
|
The one thing nobody ever tells you about SSH
I don't know what it is about dyed-in-the-wool Unixers, but they never seem to get around to telling you about the REALLY cool things in certain packages. Newbies to secure remote operations (like me, for example) are encouraged to "go read up", and that's about it. Well, I read a lot and found out SSH gives you a remote shell. Neat, but only for other command-line lovers. I read a lot more and found out I can give Windows users an SCP/SSH client (I like WinSCP) so they can transfer files in a manner that is familiar to them. Cool. But management wants branch office users to be able to use applications like [link|http://www.blackbaud.com|The Raiser's Edge], a massive GUI (as you can tell from their heavyweight website design). And once you mention applications, people suddenly stop talking about SSH and start talking about either Citrix ($!) or a VPN, or VNC (anyone have a spare OC3?). Ugh.
SSH does "port forwarding", for those of you who don't know. For Raiser's Edge, I'm looking into tunneling ODBC (which is all R.E. needs to communicate) with SSH. Management is interested--no million-dollar VPN "solution".
The RE server runs on Win2k. The only question now is...do I try to run the sshd on that Win2k Server, using Cygwin? I'd rather not. I believe there should be a way to run sshd on my Debian box, and have it pass traffic to the RE server on Win2k. If there is, I'll find it eventually, but I'd appreciate any tips on: 1) how to do it, 2) how NOT to do it, and 3) is it worth it?
Many fears are born of stupidity and ignorance - Which you should be feeding with rumour and generalisation. BOfH, 2002 "Episode" 10
|
Post #94,180
4/3/03 7:37:41 PM
|
Forwarding
Cygwin's SSHD is not secure, as the docs will tell you. Essentially, there's a shared memory space via the CYGWIN32.DLL, which is accessible to all processes on the system. So while useful for lightweight applications, I wouldn't use it as a publicly-facing service.

What you want to do is set up a box with a decent SSHD, and forward one of its ports to the appropriate port on your ultimate destination box. Read up on port forwarding for how to do this, it's pretty straightforward.

Once done, you'd connect to the forwarded port of the SSHD server, which in turn will forward you to the appropriate port on the destination box. You can set these ports to be symmetric (identical) or asymmetric (eg: port 5213 => 80). Forwarding privileged ports requires root access.

You could also accomplish this via firewall port-forwarding rules, as an alternative. SSH offers the benefits of authentication and encryption.
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]
What part of "gestalt" don't you understand?
[link|http://twiki.iwethey.org/twiki/bin/view/Main/|TWikIWETHEY] -- an experiment in collective intelligence. Stupidity. Whatever.

Keep software free. Oppose the CBDTPA. Kill S.2048 dead.
[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html]
|
Post #94,212
4/3/03 9:32:34 PM
|
Thanks! Looks like that's the better route all around
Many fears are born of stupidity and ignorance - Which you should be feeding with rumour and generalisation. BOfH, 2002 "Episode" 10
|
Post #94,499
4/5/03 1:08:31 AM
|
That was the ticket; YOU DA MAN
Got the Sybase port I needed forwarded jus' fiiiine. Client uses PuTTY to establish the forward via a Woody box running sshd here. There was a small problem keeping the PuTTY connection open, but a TCPIP registry hack took care of that for now. While I was working on all of that, I happened to also get winbind up and running--just gotta get smbfs into the kernel now and my world will be complete :)
Okay, I actually have to get the third-party vendor (whose app I'm trying to get used in branch offices) to support a real DB on Linux. :)
Many fears are born of stupidity and ignorance - Which you should be feeding with rumour and generalisation. BOfH, 2002 "Episode" 10
|
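The forward discussed in the posts above (client to a gateway sshd, which relays to the database server), written out as an added example that is not from any poster in this thread. It assumes a current OpenSSH client and server; the hostnames, the `fwd` account and destination port 2638 are constructed placeholders, and the `ServerAliveInterval` keepalive is an SSH-level alternative to the registry change mentioned above, not what the poster used.

```shell
#!/usr/bin/env bash
# Added example: build the client-side local-forward command and the
# matching gateway-side sshd_config restriction. Hostnames, the account
# name and port 2638 are constructed placeholders, not values from the thread.

# UID used for the privileged-port check (overridable, e.g. for testing).
FWD_UID="${FWD_UID:-$(id -u)}"

valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-numeric or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_forward_cmd LOCAL_PORT DEST_HOST DEST_PORT USER@GATEWAY
# Prints the ssh command line; returns 2 on bad input, 3 when a
# privileged local port is requested without root.
build_forward_cmd() {
    local lport="$1" dhost="$2" dport="$3" gw="$4"
    if ! valid_port "$lport" || ! valid_port "$dport"; then
        echo "error: ports must be integers in 1-65535" >&2; return 2
    fi
    if [ -z "$dhost" ] || [ -z "$gw" ]; then
        echo "error: destination host and gateway are required" >&2; return 2
    fi
    if [ "$lport" -lt 1024 ] && [ "$FWD_UID" -ne 0 ]; then
        echo "error: binding local port $lport needs root" >&2; return 3
    fi
    # -N: no remote shell, forward only.
    # 127.0.0.1 bind: listener is not reachable from the client's LAN.
    # ExitOnForwardFailure: fail loudly if the listener cannot be set up.
    # ServerAliveInterval: keepalive so idle tunnels are not dropped.
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -L 127.0.0.1:%s:%s:%s %s\n' \
        "$lport" "$dhost" "$dport" "$gw"
}

# gateway_restriction ACCOUNT DEST_HOST DEST_PORT
# Prints an sshd_config block that limits ACCOUNT to this one forward.
gateway_restriction() {
    printf 'Match User %s\n' "$1"
    printf '    AllowTcpForwarding local\n'
    printf '    PermitOpen %s:%s\n' "$2" "$3"
    printf '    X11Forwarding no\n'
    printf '    PermitTTY no\n'
}

# Asymmetric forward: local 5213 -> database port on the destination box.
build_forward_cmd 5213 re-server.example 2638 fwd@gw.example
gateway_restriction fwd re-server.example 2638
```

The client application then connects to 127.0.0.1:5213 instead of the database server's address.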
Post #94,546
4/5/03 9:52:57 AM
|
Which App?
b4k4^2
[link|mailto:curley95@attbi.com|greg] - Grand-Master Artist in IT | [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!] | [link|http://www.eweek.com/article2/0,3959,857673,00.asp|Microsoft develops apps for Linux by 2004] | Heimatland Geheime Staatspolizei reminds: These [link|http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf|Civilian General Orders], please memorize them. "Questions" will be asked at checkpoints. |
|
Post #94,561
4/5/03 12:56:39 PM
|
The Raiser's Edge/Financial Edge by blackbaud.com
Many fears are born of stupidity and ignorance - Which you should be feeding with rumour and generalisation. BOfH, 2002 "Episode" 10
|
Post #94,568
4/5/03 2:02:30 PM
|
Huh... hmmm... interesting...
[link|http://www.blackbaud.com/support/hwspecs/re7asa.pdf|Adaptive Server Anywhere version of Raiser's Edge]...
Looks like you have your "Linux supportable" Database... matter of fact ASA, is Very Well supported on Linux... ... that product(ASA) was basically a "tweak a few library includes ; configure && make && make install" from the standard *NIX code when they first tried Linux support.
I am not sure but you *MAY* be able to take the "Windows" DB and restore it on a Linux machine with it installed already and just start ASA. I have done that with Oracle... on Intel Hardware(IA32-)... but not RISC to Intel.
b4k4^2
[link|mailto:curley95@attbi.com|greg] - Grand-Master Artist in IT | [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!] | [link|http://www.eweek.com/article2/0,3959,857673,00.asp|Microsoft develops apps for Linux by 2004] | Heimatland Geheime Staatspolizei reminds: These [link|http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf|Civilian General Orders], please memorize them. "Questions" will be asked at checkpoints. |
|
Post #94,633
4/6/03 1:42:06 AM
|
Yes. But "supportable" is a far cry from "supported".
The most onerous issue being that I don't really obtain ASA with RE/FE. I get an OEM stripped-down version of ASA without so much as a monitoring tool. You're right about easy transfer of the actual db datafiles, though (we do cold backups that way, and I did several reversions during our migration process ;) ...it wouldn't be hard to just copy them over and restart a server on Linux. The issue is spending more bucks on an actual ASA license ($25K/CPU or $3K + $600/seat)
Many fears are born of stupidity and ignorance - Which you should be feeding with rumour and generalisation. BOfH, 2002 "Episode" 10
|
Post #94,641
4/6/03 9:39:44 AM
|
Ahhh... IC...
Was just some thoughts...
Are you trying to get them to use something else?
b4k4^2
[link|mailto:curley95@attbi.com|greg] - Grand-Master Artist in IT | [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!] | [link|http://www.eweek.com/article2/0,3959,857673,00.asp|Microsoft develops apps for Linux by 2004] | Heimatland Geheime Staatspolizei reminds: These [link|http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf|Civilian General Orders], please memorize them. "Questions" will be asked at checkpoints. |
|
Post #94,730
4/6/03 10:34:21 PM
|
Not really
There was some talk on the developers list for the product about requesting Linux DB support. To tell you the truth, I'm too busy trying to stave off .Net here to go after it.
Many fears are born of stupidity and ignorance - Which you should be feeding with rumour and generalisation. BOfH, 2002 "Episode" 10
|
Post #94,741
4/6/03 11:16:40 PM
|
Ergh, bring me a bucket!
b4k4^2
[link|mailto:curley95@attbi.com|greg] - Grand-Master Artist in IT | [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!] | [link|http://www.eweek.com/article2/0,3959,857673,00.asp|Microsoft develops apps for Linux by 2004] | Heimatland Geheime Staatspolizei reminds: These [link|http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf|Civilian General Orders], please memorize them. "Questions" will be asked at checkpoints. |
|