===============================
SSH Magic and Rails Development
===============================
(i) Security:

Security is the most important piece when working with sandbox or production platforms on your server. I've learned this the hard way actually when approx. 3 years ago, someone hacked my PHP site by going through phpmyadmin remotely and adding a special admin account to vbulletin where they set up and staged a phishing site from my very own server.

When I posed the question a few days ago of what to use to administrate your database, I was reminded of the fact that all remote utilities that access your site, if not properly secured, can make your sandbox and production environments very vulnerable.

SSH:

SSH is one of the few local utilities you can use that, when properly configured, is incredibly safe to administrate your site, and in a few moments, I'll even show you how you can develop with it.

How is SSH safe?

First, you can set up what port you want to connect from and exclude all other connecting ports. So, if you set up your port on say, and this is just an example, 24000, someone would have to know the port even to use SSH.

Secondly, you can add SSL certificates private/public to further limit the connectivity to your site via SSH. This means that a person wanting to connect with SSH will not only have to know the port, the username, the password, they would also have to have key paired certificates on their machine that matched what was on your remote server.

SSH Tunneling

Tunneling from a secure SSH connection is much safer than accessing a remote browser and working with your site. Tunneling has various uses, especially if you want to connect and administrate your database.

Windows and Putty

I work from a Windows environment but I know that most of you already know what SSH is and how to access whatever tool you wish to use to do it with. I like to use Putty when connecting securely through SSH on both my sandbox/production platforms.

Here are the steps to enable tunneling:

1. Open putty, select your saved session and click Load.
2. In the far left panel, under Connection, expand the section for SSH.
3. Click Tunnels.
4. In the source port type 3306 (or whatever port your db is using)
5. In the destination type 127.0.0.1:3306
6. Click ADD.

You will see L3306 127.0.0.1:3306, or something similar listed.

7. Click Sessions in the left hand panel.
8. Save your session so it includes tunnels.
9. That's it. Tunnels are now usable with putty.

Administrating Your Database using SSH

There are actually a few ways to do this. Once you have putty open, launched, and connected to your server, a tunnel is open between you and your server securely. You can open any local database administration tool on your machine and if you enter in localhost port 3306 and type in your database credentials, it will automatically connect through the tunnel to your database.

What tools can you use locally to do this with?

1. MySQL Query Browser (if using mysql)
2. PG Admin (if using postgres)
3. PHPMyAdmin (if using wamp locally)

Wait a second, did I just see you put up phpmyadmin? I thought you said it was unsecure?

Well, not if you are using it locally. My local computer has the security equivalent of Fort Knox. I'm not using a remote version of phpmyadmin. I'm using a local version of phpmyadmin with WAMP and have no external broadcasting enabled. In order for someone to access a local phpmyadmin on my machine, they would have to be able to connect to my machine.

So, secure SSH and tunneling has allowed me to administrate the server through an SSH console and also to administrate my database using any of my favorite local utilities. What else can it allow?

Rails Development on Sandbox

I use netbeans 6.7 (great features and works tremendously well when you have a Windows box - it works well with Linux too).

If I open up netbeans, because the SSH tunnel is open, when I start the server for development, it will contact and utilize the development database on the server my tunnel is open to. So, if you have a sandbox server for testing and you secure SSH tunnel to it, you can open up your favorite development utility and connect straight to the development database there.

Summary

SSH is fantastic. Use it. Learn about it. Secure it. When properly configured, you can do a lot more things than you realize.

--
Posted via http://www.ruby-forum.com/.
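The forward built in steps 4 to 6 of the post above, checked for the two settings that decide whether the tunnel stays private; this is an added example, not part of the original post. It goes a little beyond the post by also accepting OpenSSH's `-L` argument form. `parse_forward`, `audit_forward`, the finding names and the sample specs are constructed for illustration, and `accept_all` stands in for PuTTY's "Local ports accept connections from other hosts" checkbox.

```ruby
# Added example (not from the original post): audit SSH local port forwards.
# Accepted forms: PuTTY's listing as shown in the post ("L3306 127.0.0.1:3306")
# and OpenSSH's -L argument ("[bind_address:]port:host:hostport"), IPv4/hostnames only.

LOOPBACK = %w[127.0.0.1 localhost].freeze
PUTTY    = /\AL(?:(\S+):)?(\d+)\s+(\S+):(\d+)\z/
OPENSSH  = /\A(?:([^:\s]+):)?(\d+):([^:\s]+):(\d+)\z/
Forward  = Struct.new(:bind, :listen_port, :dest_host, :dest_port)

def parse_forward(spec)
  m = PUTTY.match(spec.strip) || OPENSSH.match(spec.strip)
  raise ArgumentError, "unrecognised forward spec: #{spec.inspect}" unless m
  f = Forward.new(m[1], m[2].to_i, m[3], m[4].to_i)
  unless [f.listen_port, f.dest_port].all? { |p| (1..65_535).cover?(p) }
    raise ArgumentError, "port out of range in #{spec.inspect}"
  end
  f
end

# accept_all models PuTTY's "Local ports accept connections from other hosts"
# checkbox (OpenSSH: GatewayPorts); it only matters when no bind address is given.
def audit_forward(spec, accept_all: false)
  f = parse_forward(spec)
  findings = []
  # Listener reachable from the LAN: anyone who can reach the workstation
  # on listen_port is relayed to the database port on the server.
  exposed = f.bind ? !LOOPBACK.include?(f.bind) : accept_all
  findings << :listener_exposed if exposed
  # The destination is resolved by the SSH server, so anything other than its
  # loopback means the last hop to the database leaves the encrypted tunnel.
  findings << :destination_off_host unless LOOPBACK.include?(f.dest_host)
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample specs; the first is the one from the post.
  [["L3306 127.0.0.1:3306", false],
   ["L3306 127.0.0.1:3306", true],
   ["0.0.0.0:3306:127.0.0.1:3306", false],
   ["L5432 db.internal.example:5432", false]].each do |spec, all|
    puts format("%-32s accept_all=%-5s %s", spec, all, audit_forward(spec, accept_all: all).inspect)
  end
end
```

An empty findings list for `L3306 127.0.0.1:3306` matches the setup in the post: the listener is loopback-only on the workstation and the database is reached on the server's own loopback.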
+1 Nice article. Thanks

On Fri, Aug 14, 2009 at 12:05 PM, Alpha Blue <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> SSH Magic and Rails Development

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
Thanks for sharing!

2009/8/15 Maximiliano Guzman <maximiliano.guzman-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> +1 Nice article. Thanks