small clarification

Started by PG Bug reporting form, over 5 years ago, 5 messages, docs

#1 PG Bug reporting form
noreply@postgresql.org

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/9.5/ssh-tunnels.html
Description:

"The first number in the -L argument, 63333, is the port number of your end
of the tunnel; it can be any unused port. (IANA reserves ports 49152 through
65535 for private use.) The second number, 5432, is the remote end of the
tunnel: the port number your server is using."

As a beginner, this took me some time to understand what you mean by "your
server" and "your end of the tunnel".

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: PG Bug reporting form (#1)
Re: small clarification

PG Doc comments form <noreply@postgresql.org> writes:

> The following documentation comment has been logged on the website:
> Page: https://www.postgresql.org/docs/9.5/ssh-tunnels.html
> Description:
>
> "The first number in the -L argument, 63333, is the port number of your end
> of the tunnel; it can be any unused port. (IANA reserves ports 49152 through
> 65535 for private use.) The second number, 5432, is the remote end of the
> tunnel: the port number your server is using."
>
> As a beginner, this took me some time to understand what you mean by "your
> server" and "your end of the tunnel".

Hm, do you have a suggestion for better wording?

regards, tom lane

#3 David G. Johnston
david.g.johnston@gmail.com
In reply to: Tom Lane (#2)
Re: small clarification

On Thu, Aug 27, 2020 at 6:17 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:

> PG Doc comments form <noreply@postgresql.org> writes:
>
> > The following documentation comment has been logged on the website:
> > Page: https://www.postgresql.org/docs/9.5/ssh-tunnels.html
> > Description:
> >
> > "The first number in the -L argument, 63333, is the port number of your end
> > of the tunnel; it can be any unused port. (IANA reserves ports 49152 through
> > 65535 for private use.) The second number, 5432, is the remote end of the
> > tunnel: the port number your server is using."
> >
> > As a beginner, this took me some time to understand what you mean by "your
> > server" and "your end of the tunnel".
>
> Hm, do you have a suggestion for better wording?

I agree on the need for a different perspective here since it reads just
fine once you know what it is talking about.

But absent that maybe a slightly more tutorial flow would be good.

```
First make sure you can connect to the remote machine that is able to
access the PostgreSQL server (in this example the PostgreSQL server is
running on said remote machine).

local> ssh joe@foo.com

Once connected, confirm that while on that machine you are able to connect
to the PostgreSQL server via psql.

remote> psql -h localhost -p 5432 postgres

Now that we have confirmed that the two separate parts are working, the ssh
connection and the psql connection, we can create a tunnel so that we can
execute psql on our local machine but have the PostgreSQL server see the
inbound connection as coming from the remote machine. To do this we need
to set up a server-like process on the local machine to accept the
connection from psql and then transmit the data to the remote machine.
Since psql is looking for a port number to connect to, 5432 when executed
on the remote machine, we need to specify which one to use on the local
machine. For this example we choose 63333 (it can be any number between
49152 and 65535, and must not be in use already [footnote if more detail is
desired]). We are, in effect, merging the ssh and psql commands above into
a hybrid command that maps the remote psql location information to a local
address and port. ssh, in this tunnel mode, always just listens to its
loopback address so only the local port (6333) is required; but both the
remote host (which is using its own loopback address - the localhost thus
refers to this) and port (5432) are needed as that end of the tunnel can
point anywhere visible to the remote machine (foo.com).

local> ssh -L 63333:localhost:5432 joe@foo.com

Now we locally launch psql, connecting to localhost:63333, and ssh on
foo.com proxies the stream to its localhost:5432 connection.

local> psql -h localhost -p 63333
```

I haven't considered how or whether the more advanced details would change
if we expand upon and reword the basic section to be more like the above.

I am curious about whether and why this method absolutely guarantees that
the resultant connection within the tunnel is not SSL-encrypted.

David J.
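
As an added example (not part of the message above or of the PostgreSQL documentation), this shell function splits a `-L` spec into the fields the proposed text walks through and flags a listener bound beyond loopback. The function names are hypothetical, and it assumes the client's `GatewayPorts` option is left at its default of `no`.

```shell
# Added example: split an OpenSSH -L spec of the form
# [bind_address:]port:host:hostport. Bracketed IPv6 literals are not handled.

is_port() {
    # Reject empty, non-numeric, or over-long values before comparing.
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints "<bind> <local_port> <dest_host> <dest_port> <loopback|exposed>".
parse_forward() {
    old_ifs=$IFS; IFS=:; set -f          # split on ":" with globbing off
    set -- $1
    set +f; IFS=$old_ifs
    case $# in
        3) bind=localhost; lport=$1; dhost=$2; dport=$3 ;;  # no bind address given
        4) bind=${1:-*};   lport=$2; dhost=$3; dport=$4 ;;  # empty bind = all interfaces
        *) echo "expected [bind_address:]port:host:hostport" >&2; return 2 ;;
    esac
    [ -n "$dhost" ] && is_port "$lport" && is_port "$dport" || {
        echo "bad host or port" >&2; return 2; }
    case $bind in
        localhost|127.*) exposure=loopback ;;
        *)               exposure=exposed ;;
    esac
    echo "$bind $lport $dhost $dport $exposure"
}

# Human-readable summary of which machine each field belongs to.
describe_forward() {
    fields=$(parse_forward "$1") || return
    set -f; set -- $fields; set +f
    echo "local ssh client listens on $1:$2 (use: psql -h localhost -p $2)"
    echo "remote sshd connects to $3:$4, resolved from the ssh server's side"
    [ "$5" = loopback ] || echo "warning: listener is reachable from other hosts"
}

describe_forward "63333:localhost:5432"
```
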

#4 Bruce Momjian
bruce@momjian.us
In reply to: David G. Johnston (#3)
Re: small clarification

On Thu, Aug 27, 2020 at 09:51:49PM -0700, David G. Johnston wrote:

> On Thu, Aug 27, 2020 at 6:17 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> > PG Doc comments form <noreply@postgresql.org> writes:
> >
> > > The following documentation comment has been logged on the website:
> > > Page: https://www.postgresql.org/docs/9.5/ssh-tunnels.html
> > > Description:
> > >
> > > "The first number in the -L argument, 63333, is the port number of your end
> > > of the tunnel; it can be any unused port. (IANA reserves ports 49152 through
> > > 65535 for private use.) The second number, 5432, is the remote end of the
> > > tunnel: the port number your server is using."
> > >
> > > As a beginner, this took me some time to understand what you mean by "your
> > > server" and "your end of the tunnel".
> >
> > Hm, do you have a suggestion for better wording?
>
> I agree on the need for a different perspective here since it reads just fine
> once you know what it is talking about.
>
> But absent that maybe a slightly more tutorial flow would be good.

I didn't think a tutorial flow was the right thing to do here, so I
reworded the section to be more detailed and have a clearer flow ---
patch attached.

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EnterpriseDB https://enterprisedb.com

The usefulness of a cup is in its emptiness, Bruce Lee

Attachments:

ssh.diff (text/x-diff; charset=us-ascii), +22 -17

#5 Bruce Momjian
bruce@momjian.us
In reply to: Bruce Momjian (#4)
Re: small clarification

On Mon, Aug 31, 2020 at 08:42:57PM -0400, Bruce Momjian wrote:

> On Thu, Aug 27, 2020 at 09:51:49PM -0700, David G. Johnston wrote:
>
> > On Thu, Aug 27, 2020 at 6:17 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >
> > > PG Doc comments form <noreply@postgresql.org> writes:
> > >
> > > > The following documentation comment has been logged on the website:
> > > > Page: https://www.postgresql.org/docs/9.5/ssh-tunnels.html
> > > > Description:
> > > >
> > > > "The first number in the -L argument, 63333, is the port number of your end
> > > > of the tunnel; it can be any unused port. (IANA reserves ports 49152 through
> > > > 65535 for private use.) The second number, 5432, is the remote end of the
> > > > tunnel: the port number your server is using."
> > > >
> > > > As a beginner, this took me some time to understand what you mean by "your
> > > > server" and "your end of the tunnel".
> > >
> > > Hm, do you have a suggestion for better wording?
> >
> > I agree on the need for a different perspective here since it reads just fine
> > once you know what it is talking about.
> >
> > But absent that maybe a slightly more tutorial flow would be good.
>
> I didn't think a tutorial flow was the right thing to do here, so I
> reworded the section to be more detailed and have a clearer flow ---
> patch attached.

Patch applied to all supported versions. Thanks for the report.

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EnterpriseDB https://enterprisedb.com

The usefulness of a cup is in its emptiness, Bruce Lee