SSH or SSL

Discussion of open issues, suggestions and bugs regarding ADO.NET provider for MySQL

Post by KW » Mon 17 Mar 2008 18:46

I've been able to get both the SSH and SSL connections working very easily with the mydirect.net connector.

I'd like to use SSL, but I think SSH might be more secure. In order to use SSL over the internet, I'd have to expose the MySQL server port and use the GRANT syntax to make sure logins are required to use SSL.

Is SSL safe to use over the internet?

My question: can you give me, in your professional opinion, a recommendation on which to use?


Post by Alexey.mdr » Tue 18 Mar 2008 08:02

It depends on the system architecture and requirements.
If you need a secured connection you might use SSL.
If you require tunnelling, SSH would be suitable.

For more information please refer to:
http://seifried.org/security/cryptograp ... l-ssh.html


Post by KW » Tue 18 Mar 2008 17:54

Alexey.mdr wrote: It depends on the system architecture and requirements.
If you need a secured connection you might use SSL.
If you require tunnelling, SSH would be suitable.

For more information please refer to:
http://seifried.org/security/cryptograp ... l-ssh.html

Right.

But is it more secure to tunnel (because a firewall is blocking port 3306), or is it OK to open up port 3306 to your MySQL and enforce SSL?

The article you linked me claimed it was written in 2000, 8 years ago. Does that still apply today?


Post by Alexey.mdr » Wed 19 Mar 2008 13:26

Well, actually yes. The link is really quite old, but the main principles haven't changed since then.
The ideas are basically the same.
Here are some features of SSL and SSH.
SSL:
  • You have to open the port for data flow (like 3306).
  • The MySQL server must support SSL.
SSH:
  • You need a special proxy SSH server.
  • SSH doesn't require an open data flow port, as you may use port 80.
In both cases you have to do extensive configuration work, but once configured properly you can breathe freely and happily.
The data exchange is fully secured.

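The GRANT-based enforcement KW mentions for the exposed-port option, with an audit query for accounts that could still log in without SSL, shown as an added example that is not part of the thread or the provider's documentation. The account name, host pattern, schema and password are placeholders.

```sql
-- Added example. 'app_user', '%', app_db and the password are placeholders.

-- 1. Require SSL/TLS for the remote application account (MySQL 5.7+ syntax).
--    On the 5.0/5.1 servers current when this thread was written, the same
--    clause is attached to the GRANT statement instead:
--      GRANT ... ON app_db.* TO 'app_user'@'%' IDENTIFIED BY '...' REQUIRE SSL;
CREATE USER 'app_user'@'%' IDENTIFIED BY 'CHANGE_ME' REQUIRE SSL;
GRANT SELECT, INSERT, UPDATE, DELETE ON app_db.* TO 'app_user'@'%';

-- 2. Audit: accounts that can connect from other hosts without any
--    SSL requirement. ssl_type is '' when no REQUIRE clause applies;
--    'ANY' corresponds to REQUIRE SSL, 'X509' to REQUIRE X509.
SELECT user, host, ssl_type
FROM mysql.user
WHERE host NOT IN ('localhost', '127.0.0.1', '::1')
  AND ssl_type = '';

-- 3. Run from the client session after connecting: an empty Ssl_cipher
--    value means this connection is not encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```

If the audit query in step 2 returns any rows while port 3306 is reachable from the internet, those accounts can authenticate over an unencrypted connection.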