Hi Philip, Have you considered the use of something like OpenVPN instead? OpenVPN seems more purpose-built for your needs, although as many have pointed out you may already have a specific need for SSH.
Good luck. -- Federico Sevilla III, CISSP, CSM, LPIC-2 Chief Executive Officer F S 3 Consulting Inc. http://www.fs3.ph On Fri, 2010-10-22 at 09:05 +0800, Philip Morales wrote: > exactly this will be implemented to almost one thousand database servers. > connection needs to be stable, since ssh port forwarding cannot > act as a daemon if anything disrupts connection the tunnel will have to be > manually reconnected again to resume database connectivity. > > im thinking of putting a dedicated ssh tunnelling jumphost cluster for this. > > > --- On Thu, 10/21/10, Bopolissimus Platypus Jr <[email protected]> > wrote: > > > From: Bopolissimus Platypus Jr <[email protected]> > > Subject: Re: [plug] SSH port forwarding to encrypt database connection > > To: "Philippine Linux Users' Group (PLUG) Technical Discussion List" > > <[email protected]> > > Date: Thursday, 21 October, 2010, 5:04 AM > > On Thu, Oct 21, 2010 at 2:27 AM, > > Philip Morales <[email protected]> > > wrote: > > > fleet wide? > > > > what does "fleet" mean in this context? are the users > > actually on > > cars or trucks? how stable is the internet > > connectivity like? if the > > connectivity isn't stable, will ssh automatically reconnect > > when it > > loses and regains connectivity? will the end user > > application detect > > that the connection is down and reconnect? > > > > ssh connects via TCP and when the underlying internet > > connection goes > > down, the ssh process will exit and any connections > > tunnelled over > > that ssh connection will also go down. so all of > > those connections > > will need to be reconnected. > > > > tiger > > > > -- > > Gerald Timothy Quimpo http://bopolissimus.blogspot.com > > [email protected] > > [email protected] > > > > Even Tom Lane said: "Or, if you're worried > > about actions from functions, use a trigger > > to do the logging. There are approximately > > no cases where a rule is really better than > > a trigger :-( " > > _________________________________________________ > > Philippine Linux Users' Group (PLUG) Mailing List > > http://lists.linux.org.ph/mailman/listinfo/plug > > Searchable Archives: http://archives.free.net.ph > > > > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph
signature.asc
Description: This is a digitally signed message part
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
