On Wed, 06 Sep 2006 09:29:59 -0700, Paul Rubin wrote: > Reid Priedhorsky <[EMAIL PROTECTED]> writes: >> I know how to forward ports using SSH, but I don't like doing this because >> then anyone who knows the port number can connect to Postgres over the >> same tunnel. (I'm not the only user on the client machine.) > > Wouldn't they need a database password?
Well, right now, no. I have Postgres configured to trust the OS on who is who. I would prefer not to change that because I don't want another place containing authentication information. I'd like to connect by entering only my SSH password, not my SSH password and a database password too. This is why straight SSH tunneling, as suggested by Marshall and Larry, isn't satisfactory: once I've set up the tunnel, anyone on the local machine can connect to the tunnel and then they have passwordless access into the database. I control the database machine, and the only user is me. I don't control the local machine, and it has many users I don't trust. Thanks, Reid -- http://mail.python.org/mailman/listinfo/python-list
