DBA > Job Interview Questions > Sybase Interview Questions and Answers

How do I make isql secure in Sybase?

More DBA job interview questions and answers at http://dba.fyicenter.com/Interview-Questions/

(Continued from previous question...)

How do I make isql secure in Sybase?

isql uses the open/client libraries, which have no built in means of securing the packets that I know of. However, it is possible to use ssh to do all of the work for you. It is really quite straightforward. I saw this first published on the Sybase-L list by Tim Ellis, so all of the credit gos to him.

1. You will need a server running sshd that you have access to, which also has access to the ASE server.
2. Choose a port that you are going to make your secure connection from. Just like all ASE port selections it is totally arbitrary, but you if you were setting up a number of these, then you might want to think about a strategy. Regular server + 100 or something. Just make sure that it does not, and will not, clash with any of your regular servers.
3. Edit the interfaces file on the client side and set up a new server with an IP address of localhost and the port number you chose in the previous point. You might want to call it SERVER_SSH just to make sure that you know that it is the secure one. 4. Run the following ssh command:
ssh -2 -N -f -L port_chosen_above:remote_server:remote_port user@ssh.server.com
5. Connect to the server using isql -Uuser -SSERVER_SSH


In the ssh line, the -2 means use that version of the protocol (obviously it must be supported by your client and server). -f forces the ssh into the background. Not supported by version 1 only clients. -N means do not prompt for input. Again, this is not supported by version 1 clients.

The user@ssh.server.com refers to the sshd server that you have access to.

Let us look at an example. You have a server running ASE on port 4100. (Make sure that this port is *not* visible from the outside world, otherwise it is wide open to people attacking it directly.) I have not tried all of the ins and outs of this, I am happy to take advice, but on this same machine you have a copy of sshd running that you can see from the outside world.

Choose another port that you are going to have as your secure port. Let's call it 5100 for the sake of argument. Edit the interfaces file on the client machine (which is presumably somewhere in untrusted land, say a client site) and add a new server, lets call it MYSERVER_SSH and have it listen on localhost,5100.

Now execute the ssh magic, again from the client machine:
ssh -2 -N -f -L 5100:myserver.com:4100 sybase@myserver.com
Now connect to it using
isql -Usa -SMYSERVER_SSH
and you should get the familiar 1> prompt. All traffic to and from the server is going via an SSH tunnel, and so can be considered relatively secure.

(Continued on next question...)

Other Job Interview Questions