Discussion: Secure connections with changing ip addresses?
Hello,

I have poked around a bit, and am finally resorting to taking up some cycles in this list.
Please forgive me.

I have a pg_hba.conf file that is setup like this

host db1 user1 222.152.155.194/32 md5

From time to time, my ISP changes my ip address on me.
At that point, my connection to this DB is denied.

I have to log in (ssh) to my server, edit this file with the new ip address, save and restart to get connectivity back.

Is there a way to have a secure connection that can withstand changing ip addresses?

Thanks
Gene
On Jul 28, 2006, at 5:47 PM, gene Campbell wrote:
> I have poked around a bit, and am finally resorting to taking up
> some cycles in this list.
> Please forgive me.
>
> I have a pg_hba.conf file that is setup like this
>
> host db1 user1 222.152.155.194/32 md5
>
> From time to time, my ISP changes my ip address on me.
> At that point, my connection to this DB is denied.
>
> I have to log in (ssh) to my server, edit this file with the new ip
> address, save and restart to get connectivity back.
>
> Is there a way to have a secure connection that can withstand
> changing ip addresses?

Not via an IP address, but you have bigger issues. You're passing all your info unencrypted over the internet (basically including the password).

You should really setup SSL. That would also allow you to do certificate-based authentication.
--
Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461
On 7/29/06, gene Campbell <genecampbell8@yahoo.com> wrote:
> I have a pg_hba.conf file that is setup like this
>
> host db1 user1 222.152.155.194/32 md5
>
> From time to time, my ISP changes my ip address on me.
> At that point, my connection to this DB is denied.
>
> I have to log in (ssh) to my server, edit this file with the new ip
> address, save and restart to get connectivity back.
>
> Is there a way to have a secure connection that can withstand
> changing ip addresses?
I think the best solution for you would be some form of VPN,
perhaps IPsec, or vtund (if you're using *nix).
Generally, when you change your IP, you will lose the connection.
And you also have to tell that machine that you changed the IP,
either manually (ssh to server, as you wrote) or automagically
(using the script which will ssh, change the file, signal the DB).
If you set a VPN, you will always have the same IP address, say
192.168.111.111, no matter what your ISP has selected for you now,
and connections to that address can persist your IP changes
(depends how VPN is set up, but it's doable).
Regards,
Dawid
Thanks Jim.

First, I apologize for double postings. Yahoo mail labelled all the responses to this thread as spam, but nothing else. So I was still getting mail in my inbox (pop), and therefore thought I was being ignored.

Second, I'm not too worried about the data being read in transit, unless of course passwords. I just don't want hackers attempting to login.

Nevertheless, the ssl sounds like the way to go, is there a specific Postgresql way to set that up? Or are you suggesting a system wide implementation of which pq can take advantage?

thanks
gene

Jim Nasby wrote:
> On Jul 28, 2006, at 5:47 PM, gene Campbell wrote:
>
>> I have poked around a bit, and am finally resorting to taking up
>> some cycles in this list.
>> Please forgive me.
>>
>> I have a pg_hba.conf file that is setup like this
>>
>> host db1 user1 222.152.155.194/32 md5
>>
>> From time to time, my ISP changes my ip address on me.
>> At that point, my connection to this DB is denied.
>>
>> I have to log in (ssh) to my server, edit this file with the new ip
>> address, save and restart to get connectivity back.
>>
>> Is there a way to have a secure connection that can withstand
>> changing ip addresses?
>
> Not via an IP address, but you have bigger issues. You're passing all
> your info unencrypted over the internet (basically including the
> password).
>
> You should really setup SSL. That would also allow you to do
> certificate-based authentication.
> --
> Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com
> Pervasive Software http://pervasive.com work: 512-231-6117
> vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461
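
Added example, not part of the original thread: the rule from the first post beside a TLS-only, certificate-authenticated replacement of the kind suggested above, so that access no longer depends on the client's address. It assumes a currently supported PostgreSQL release (the `cert` method and the `ssl_*_file` parameters postdate this 2006 thread); the certificate file names and `db.example.com` are placeholders.

```conf
# ---------------------------------------------------------------
# pg_hba.conf, BEFORE (the rule from the thread)
# "host" matches SSL and non-SSL connections alike, so the md5
# exchange and all query traffic may cross the internet in
# cleartext, and the rule breaks whenever the ISP reassigns the
# client address.
# ---------------------------------------------------------------
# host      db1  user1  222.152.155.194/32  md5

# ---------------------------------------------------------------
# pg_hba.conf, AFTER (constructed example)
# "hostssl" matches only TLS connections. "cert" authenticates the
# client by its certificate: it must chain to ssl_ca_file and its
# CN must equal the database user name (user1), unless a map says
# otherwise. The address column can then be wide open, because
# possession of the private key is what grants access.
# The first matching line wins, so delete the old "host" line.
# ---------------------------------------------------------------
hostssl     db1  user1  0.0.0.0/0  cert

# Refuse any non-TLS attempt on this database outright.
hostnossl   db1  all    0.0.0.0/0  reject

# ---------------------------------------------------------------
# postgresql.conf (paths are relative to the data directory)
# ---------------------------------------------------------------
ssl = on
ssl_cert_file = 'server.crt'   # server certificate
ssl_key_file  = 'server.key'   # server private key, mode 0600
ssl_ca_file   = 'root.crt'     # CA that signed the client certificates

# ---------------------------------------------------------------
# Client side (libpq connection string, shown as a comment):
#   host=db.example.com dbname=db1 user=user1 sslmode=verify-full
#   sslcert=user1.crt sslkey=user1.key sslrootcert=root.crt
# sslmode=verify-full makes the client check the server
# certificate and host name, so the password-less login is not
# handed to an impostor server.
# ---------------------------------------------------------------
```

Edits to pg_hba.conf take effect on a configuration reload (`pg_ctl reload`); a full restart is not needed for that file.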