Security – TNR Global

New Systems and DevOps Blog

has lots of new approaches to discuss in terms of systems, cloud computing, DevOps, System Architecture, and how developers and systems staff need to communicate well and work together

Our VP of Systems Administration, Michael Klatsky has started a blog specifically discussing Systems. Fresh from the AWS Summit 2012 in NYC, Michael has lots of new approaches to discuss in terms of systems, cloud computing, DevOps, System Architecture, and how developers and systems staff need to communicate well and work together for the best results in web development. The blog is his own but we feel it’s a great technical resource for our colleagues in systems and web development. You can take a look at his blog here. Michael welcomes commentary and discussion, and hopes to provide some shortcuts for fellow System Administrators.

Securely specify mysql credentials in automated scripts

Often, you may want to run a script that uses a username and password to access data in a MySQL database. Securely running a script like this manually is easy – simply use the ‘-p’ option for the MySQL client, and it will prompt you for the password. However, this is not an option if you want to automate the script.

There are several ways to provide the password in a way that can be used with automated scripts, but only one that is both flexible and secure. You can specify the password on the command line itself (with ‘mysql -p ‘); however, this allows the password be seen by other users who run commands like ‘ps’. Another option is setting the environment variable “MYSQL_PWD” to the password, but this can also be seen by other users. Continue reading “Securely specify mysql credentials in automated scripts”

OpenSSH SOCKS proxy support

Often, when you’re administering or developing on servers remotely, you may need to access resources that are not available to the public. There are several different ways that you can gain access to protected services from a remote location, including a VPN, port forwarding over SSH, and stunnel.

However, one method that is not as well known is OpenSSH’s SOCKS proxy option. Introduced in OpenSSH 3.7, SOCKS support allows you to easily tunnel traffic from any application that has support for a SOCKS4 or SOCKS5 proxy through your SSH connection. To do this, you simply need to add ‘-D <port>’ to your ssh connection string, where <port> is the port you would like your proxy to run on. Then, configure your application to use a proxy at localhost:<port>, and all of the traffic from that application will be tunneled through your SSH connection.

In addition to accessing protected resources, you can also use this for more everyday tasks – such as encrypting traffic sent over a public wireless connection.