Jump to content

Using PuTTY and SSH instead of SSL


JerrySalem
 Share

This topic is 2342 days old. Please don't post here. Open a new topic instead.

Recommended Posts

I have a client who has been using PuTTY to create an SSH tunnel to their database for remote access.  I think they were doing this for historical reasons.  Their database was originally FM6.

They migrated to FM 11 successfully a couple of years ago.  Recently,  they moved to FM14 and have been experiencing problems.  Although largely consolidated, the solution still has a couple of files.  Since migrating to FM14, remote users have been experiencing numerous dropouts and other issues.

During testing, we haven't seen any of these problems.  Our test server uses SSL to encrypt the data in transit.

Has anyone ever used PuTTY while connecting to a FM server? 

TIA

Jerry

 

 

Edited by JerrySalem
typo
Link to comment
Share on other sites

I don't think I completely follow the setup.  PuTTy is a secure shell client, the idea is that it gives you a shell to type in commands that get executed on the remote machine...

So you can't really create an SSH tunnel to a database.  You can create one to a machine and get on that machine's "command prompt / terminal".

Sounds like they think they have a VPN-like connection through PuTTy but that is not quite the same... PuTTy does not encrypt all traffic between the environments and while there are ways to use the SSH Tunnels feature in PuTTy that requires at least two PuTTy sessions and some brittle port forwarding.

 

 

Link to comment
Share on other sites

I agree with Wim, in that it seems like a fragile setup that could be replaced with better options like SSL cert on the server or VPN. It also may be an issue that other ports might come into play other than 5003, especially if container fields are used.

Mike

Link to comment
Share on other sites

Agreed, they are doing something like a VPN using PuTTY.  I believe the way they have it set up it does encrypt the traffic.

I am looking to see if anyone else actually uses this type of configuration, or something similar.  

While PuTTY seems to have served them well for many years, I think it is time to 'get with the program' and move to SSL.  In order to do this, I need to convince the IT department. :) 

Thanks

Link to comment
Share on other sites

9 hours ago, JerrySalem said:

While PuTTY seems to have served them well for many years, I think it is time to 'get with the program' and move to SSL.  In order to do this, I need to convince the IT department. :) 

 

I wouldn't think that should be too much of a problem.  The PuTTy tunnels feature that they are probably using is really nothing more than a "poor man's VPN", it's a bit of a hack.  I don't think any IT department worth its salt would be happy with that kind of setup.

If they use the same thing for other applications then they probably want a real VPN more than just enabling SSL on the FMS side.  Even if it is just for FM traffic they may prefer a VPN to have that extra level of authentication and reduce the # of open ports on their firewall.

 

Link to comment
Share on other sites

This topic is 2342 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.