The Windows IPSec is not the only IPSec solution for Windows. I do not
recommend using OpenVPN nor SSH for this type of connection; your best
bet is a low-level IPSec protocol, or SSL support for MySQL. If you add
too many intermediate layers, you will definitely observe performance
issues. If you do not like the Windows IPSec solution, then definitely
invest the time into learning how to build MySQL from source. It will
be well worth the investment in time.

The biggest drawback for using OpenVPN is not so much the performance,
it would be the added complexity. OpenVPN lends itself very well to a
Linux environment, where network interfaces are easily redirected, but
not so easily to Windows. I don't mean to say that it can't be used,
just that it may not be the best choice. If you keep things simple,
your application will be more reliable.

Regards,
___________________________
Armand Welsh
AVP, Information Security
State Street IMS
42 Discovery
Irvine, CA 92618-3105
t: 949-932-1415 / f: 949-719-4192
-----Original Message-----
From: ssh@erdelynet.com [mailto:ssh@erdelynet.com] On Behalf Of Asif
Lodhi
Sent: Sunday, August 06, 2006 11:40 PM
To: ssh@erdelynet.com
Subject: Re: SSH Server for MySQL-5.0.22 Server on WinXP-SP2
Hi Mike,
Thanks for replying.
On 8/7/06, Mike Erdely <mike@erdelynet.com> wrote:
> Asif Lodhi wrote:
>> .......................
> > I have also taken a look at the
> > openVPN - that's also a very good solution but my understanding is
> > that I'll have to re-compile MySQL from scratch if I want to use SSL.
> > Please correct me if I am wrong. I guess compiling from source is
> > NOTTTTTT a very easy process as far as Windows is concerned.
>
> Uhh... It seems you're seriously misunderstanding the difference between
> SSH, SSL, OpenVPN and encrypted connections to MySQL.
I only need to encrypt my network traffic. I understand SSH is good
for getting occasional access to the server for management tasks but
having each user connect to the server using SSH would be a bit of
an overkill. OpenVPN provides encryption as well - as far as I know
using SSL. AFAIK, MySQL doesn't come bundled with SSL support and
I'll have to recompile MySQL to get it to accept connections from
SSL-enabled clients.
> Where are these 50 clients connecting from? The LAN, their homes?
...........
> network cards that encrypt all traffic as it hits the wire.
I have to live with whatever network cards are available.
> You can use the built in IPsec tunneling in Windows.
Windows' built-in IPSec is tooooooo complex to manage. In addition, I
want to manage it in a way so that I can migrate my application to
Linux later on when users are satisfied with the database performance
and everything. So opensource encryption options are very attractive
to me - OpenVPN, OpenSSH, copSSH, etc.
> Recompiling MySQL for SSL support is a completely separate option from
> SSH or VPN. You'd probably have to recompile the MySQL clients (or use
> a different library or whatever you're doing to connect to the server).
All I am anxious about is whether I will achieve encrypted access to
MySQL-5.0.22 on WinXP-SP2 from VB6/Windows clients if I use OpenVPN?
Will it work _without_ recompiling it from source? Actually, I read
some comments online at mysql.com which said MySQL doesn't come
bundled with SSL support and you have to recompile it to get it
working.
Any more comments?
--
Thanks in advance,
Asif
--
List Info: http://erdelynet.com/ssh-l/
List Archives: http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.com

Received on Mon Aug 7 10:46:45 2006
This archive was generated by hypermail 2.1.8 : Mon Aug 07 2006 - 10:46:46 EDT