SSH Magic and Rails Development
Security is the most important piece when working with sandbox or
production platforms on your server. I learned this the hard way
approx. 3 years ago, when someone hacked my PHP site by going through a
remotely exposed phpMyAdmin, adding a special admin account to vBulletin,
where they set up and staged a phishing site from my very own
When I posed the question a few days ago of what to use to administrate
your database, I was reminded that every remote utility that accesses
your site can, if not properly secured, leave your sandbox and
production environments very vulnerable.
SSH is one of the few local utilities that, when properly configured, is
an incredibly safe way to administrate your site, and in a few moments
I’ll even show you how you can develop with it.
How is SSH safe?
First, you can choose which port SSH listens on and exclude all other
ports. So, if you set your port to, say, 24000 (this is just an
example), someone would have to know the port even to use
Secondly, you can add a public/private key pair to further limit
connectivity to your site via SSH. This means that a person wanting to
connect with SSH would not only have to know the port, the username and
the password, they would also need a private key on their machine that
matches the public key on your remote server.
Tunneling over a secure SSH connection is much safer than working with
your site through a remotely exposed web tool. Tunneling has various
uses, especially if you want to connect to and administrate your database.
Windows and PuTTY
I work in a Windows environment, but I know that most of you already
know what SSH is and how to access it with whatever tool you prefer. I
like to use PuTTY when connecting securely over SSH to both my sandbox
and production platforms.
Here are the steps to enable tunneling:
- Open PuTTY, select your saved session and click Load.
- In the far left panel, under Connection, expand the section for
- Click Tunnels.
- In the Source port field, type 3306 (or whatever port your database is using).
- In the Destination field, type 127.0.0.1:3306.
- Click Add.
You will see L3306 127.0.0.1:3306, or something similar, listed.
- Click Session in the left-hand panel.
- Save your session so it includes the tunnel.
- That’s it. Tunnels are now usable with PuTTY.
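As an added example (not part of the original post), here is what the PuTTY steps above look like with the OpenSSH command-line client, together with a small audit of the sshd_config settings that the "How is SSH safe?" section relies on: a non-default listening port and key-based authentication. The user name and host are constructed sample values, the port 24000 is the example from the post, and the PasswordAuthentication check goes beyond the post (it is the usual companion to requiring keys).

```ruby
# Added example (not from the original post): the OpenSSH equivalent of the
# PuTTY tunnel steps, plus a small audit of the sshd_config settings the post
# relies on. Host name, user name and sample configs are constructed.
require 'shellwords'

VALID_PORTS = (1..65_535)

# Build the ssh command that mirrors "Source port 3306 -> 127.0.0.1:3306".
# -N asks for forwarding only (no remote shell); the local side is bound to
# loopback explicitly so the forwarded MySQL port is not reachable from the LAN.
def local_forward_cmd(user:, host:, ssh_port: 24000, local_port: 3306,
                      remote_host: '127.0.0.1', remote_port: 3306)
  [ssh_port, local_port, remote_port].each do |p|
    raise ArgumentError, "port out of range: #{p}" unless VALID_PORTS.cover?(p)
  end
  Shellwords.join(['ssh', '-N', '-p', ssh_port.to_s,
                   '-L', "127.0.0.1:#{local_port}:#{remote_host}:#{remote_port}",
                   "#{user}@#{host}"])
end

# Parse "Keyword value" lines of an sshd_config (comments stripped, Match blocks
# not handled) and report settings that fall short of what the post describes:
# a non-default port and key-based authentication. The PasswordAuthentication
# check goes beyond the post; it is the usual companion to requiring keys.
def audit_sshd_config(text)
  settings = {}
  text.each_line do |raw|
    line = raw.sub(/#.*/, '').strip
    next if line.empty?
    key, value = line.split(/\s+/, 2)
    settings[key.downcase] = value.to_s.strip
  end

  findings = []
  # OpenSSH defaults: Port 22, PubkeyAuthentication yes, PasswordAuthentication yes
  findings << 'sshd listens on the default port 22' if (settings['port'] || '22') == '22'
  findings << 'PubkeyAuthentication is disabled' if settings['pubkeyauthentication'].to_s.downcase == 'no'
  findings << 'PasswordAuthentication is still enabled' unless settings['passwordauthentication'].to_s.downcase == 'no'
  findings
end

# Constructed sample configs for illustration.
STOCK_SSHD_CONFIG = <<~CONF
  # a commented-out Port line means the default (22) applies
  #Port 22
  PasswordAuthentication yes
CONF

HARDENED_SSHD_CONFIG = <<~CONF
  Port 24000
  PubkeyAuthentication yes
  PasswordAuthentication no
CONF

if $PROGRAM_NAME == __FILE__
  puts local_forward_cmd(user: 'deploy', host: 'sandbox.example.com')
  puts "stock:    #{audit_sshd_config(STOCK_SSHD_CONFIG).inspect}"
  puts "hardened: #{audit_sshd_config(HARDENED_SSHD_CONFIG).inspect}"
end
```

Running the script prints the ssh command to paste into a terminal and the two audit results; the stock config yields two findings, the hardened one none. Binding the local end to 127.0.0.1 matters: a forward bound to all interfaces would expose the sandbox database to anyone on the same network as the workstation.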
Administrating Your Database using SSH
There are actually a few ways to do this. Once PuTTY is open and
connected to your server, a secure tunnel exists between you and your
server. Open any local database administration tool on your machine,
enter localhost and port 3306 along with your database credentials, and
it will automatically connect through the tunnel to your database.
What tools can you use locally to do this with?
- MySQL Query Browser (if using MySQL)
- pgAdmin (if using PostgreSQL)
- phpMyAdmin (if using WAMP locally)
Wait a second, did I just see you put phpMyAdmin on that list? I thought
you said it was insecure?
Well, not if you are using it locally. My local computer has the
security equivalent of Fort Knox. I’m not using a remote version of
phpMyAdmin; I’m using a local version with WAMP and have no external
broadcasting enabled. For someone to access the local phpMyAdmin on my
machine, they would have to be able to connect to
So, secure SSH and tunneling have allowed me to administrate the server
through an SSH console and to administrate my database using any of my
favorite local utilities. What else can they allow?
Rails Development on Sandbox
I use NetBeans 6.7 (great features, and it works tremendously well on a
Windows box; it works well with Linux too).
If I open NetBeans while the SSH tunnel is open and start the server for
development, it contacts and uses the development database on the
server my tunnel is open to. So, if you have a sandbox server for
testing and you open a secure SSH tunnel to it, you can launch your
favorite development utility and connect straight to the development
SSH is fantastic. Use it. Learn about it. Secure it. When properly
configured, you can do a lot more things than you realize.
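The Rails side of the setup described above, as an added example that is not part of the original post: a database.yml development stanza that points at the local end of the SSH tunnel, and a preflight check that the tunnel is actually listening before the development server is started. The database name and credentials are constructed placeholders; the mysql2 adapter is assumed because the post's tunnel targets port 3306.

```ruby
# Added example (not from the original post): a Rails database.yml development
# stanza that points at the local end of the SSH tunnel, and a preflight check
# that the tunnel is actually up before the development server is started.
# Database name and credentials below are constructed placeholders.
require 'socket'
require 'yaml'

TUNNEL_HOST = '127.0.0.1' # local end of the tunnel, as in the PuTTY steps
TUNNEL_PORT = 3306

# Development connection via the tunnel. The host is the numeric loopback
# address on purpose: MySQL clients treat the name "localhost" as a request
# for the local Unix socket and would bypass the tunnel entirely.
def development_database_config(database:, username:, password:)
  {
    'development' => {
      'adapter'  => 'mysql2',
      'host'     => TUNNEL_HOST,
      'port'     => TUNNEL_PORT,
      'database' => database,
      'username' => username,
      'password' => password,
      'encoding' => 'utf8'
    }
  }
end

# Render the stanza as the YAML that goes into config/database.yml.
def database_yml(database:, username:, password:)
  development_database_config(database: database, username: username,
                              password: password).to_yaml
end

# True when something accepts TCP connections on the tunnel's local end.
def tunnel_open?(host = TUNNEL_HOST, port = TUNNEL_PORT, timeout = 1)
  Socket.tcp(host, port, connect_timeout: timeout) { true }
rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, Errno::EHOSTUNREACH, SocketError
  false
end

# Preflight to run before `rails server`: fail fast with a clear message
# instead of letting the app time out against a database it cannot reach.
def preflight!(host = TUNNEL_HOST, port = TUNNEL_PORT)
  return true if tunnel_open?(host, port)
  abort "No SSH tunnel listening on #{host}:#{port}; open the PuTTY session (or ssh -L) first."
end

if $PROGRAM_NAME == __FILE__
  puts database_yml(database: 'app_development', username: 'rails', password: 'changeme')
  puts "tunnel open: #{tunnel_open?}"
end
```

Only loopback traffic is ever unencrypted here; everything between the workstation and the sandbox travels inside the SSH session. The preflight check is worth keeping in a Rake task or shell alias, since a Rails boot against a closed tunnel otherwise fails with a generic connection error that is easy to misread as a database problem.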