Note that the server will not think the connection is SSL-encrypted, since in fact it is not encrypted between the SSH server and the PostgreSQL server. To the database server it will then look as though you are really user joe on host foo.com connecting to localhost in that context, and it will use whatever authentication procedure was configured for connections from this user and host. In order to connect to the database server using this tunnel, you connect to port 63333 on the local machine: psql -h localhost -p 63333 postgres The name or IP address between the port numbers is the host with the database server you are going to connect to, as seen from the host you are logging in to, which is foo.com in this example. (IANA reserves ports 49152 through 65535 for private use.) The second number, 5432, is the remote end of the tunnel: the port number your server is using. Then you can establish a secure tunnel with a command like this from the client machine: ssh -L 63333:localhost:5432 first number in the -L argument, 63333, is the port number of your end of the tunnel it can be any unused port. Done properly, this provides an adequately secure network connection, even for non-SSL-capable clients.įirst make sure that an SSH server is running properly on the same machine as the PostgreSQL server and that you can log in using ssh as some user.
![postgres ssh tunnel postgres ssh tunnel](https://www.domainesia.com/asset/uploads/2020/07/Screen-Shot-2020-07-10-at-1.58.55-PM.png)
It is possible to use SSH to encrypt the network connection between clients and a PostgreSQL server.
![postgres ssh tunnel postgres ssh tunnel](http://postgresonline.com/images/journal/pgadminssh.png)
![postgres ssh tunnel postgres ssh tunnel](https://i.stack.imgur.com/5Yv7m.png)
Secure TCP/IP Connections with SSH Tunnels