[BUGS] BUG #3968: ssh tunnel instructions could use improvement

From: Faheem Mitha <faheem(at)email.unc.edu>
Date: Mon Feb 18 2008 - 17:03:21 EST

The following bug has been logged online:

Bug reference:      3968
Logged by:          Faheem Mitha
Email address:      faheem@email.unc.edu

PostgreSQL version: 8.1.11
Operating system: Debian etch
Description: ssh tunnel instructions could use improvement Details:

Hi,

Currently http://www.postgresql.org/docs/8.3/static/ssh-tunnels.html

has instructions that say to set up a local port forward

to do

ssh -L 333ssh -L 3333:foo.com:5432 joe@foo.com

I think this should be changed to

ssh -L 3333:localhost:5432 joe@foo.com

The reason is that this assumes the postgres server on foo.com allows connections from foo.com, since trying to connect to port 3333 on the local machine using the instructions given in the docs, will attempt to initiate a connection to the postgres server, which will appear to it to be coming from foo.com.

However, it appears more likely, and is the Debian default, that the server only allows connections on localhost. This is a major source of potential confusion for people not familar with port forwarding.

Also, I'd suggest mentioning that you can put other addresses in place of localhost, but that the database needs to give permission to connect from those addresses, and in particular for

ssh -L 3333:localhost:5432 joe@foo.com

psql -h localhost -p 3333 postgres

to work, the database needs to allow a TCP/IP connection from localhost. This seems a pretty standard default, though.

                                              Faheem.

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
       subscribe-nomail command to majordomo@postgresql.org so that your
       message can get through to the mailing list cleanly

Received on Mon Feb 18 17:28:28 2008