From owner-freebsd-security  Tue Apr 18 21: 0: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ducky.nz.freebsd.org (chilled.unixathome.org [203.79.82.27])
	by hub.freebsd.org (Postfix) with ESMTP id 40D9B37B998
	for <freebsd-security@freebsd.org>; Tue, 18 Apr 2000 21:00:00 -0700 (PDT)
	(envelope-from dan@langille.org)
Received: from localhost (dan@localhost)
	by ducky.nz.freebsd.org (8.9.3/8.9.3) with ESMTP id PAA20435
	for <freebsd-security@freebsd.org>; Wed, 19 Apr 2000 15:59:53 +1200 (NZST)
Date: Wed, 19 Apr 2000 15:59:51 +1200 (NZST)
From: Dan Langille <dan@langille.org>
X-Sender: dan@ducky.nz.freebsd.org
To: freebsd-security@freebsd.org
Subject: using mysql over ssh
Message-ID: <Pine.BSF.4.21.0004191550130.17472-100000@ducky.nz.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I want to access a mysql database remotely.  I've had success with the
following approach:

 ssh user@mydomain.org /usr/local/mysql/bin/mysql -uuserid
           -ppassword dbname < mysql.sql

where mysql.sql contains the SQL statements I wish to run.

I have two issues with this approach:

1 - The mysql password is supplied on the command line.  I don't like
that.  How can I avoid that?

2 - To achieve the ssh login, I copied the contents of ~/.ssh/identity.pub
to ~/.ssh/authorized_keys on the remote box.  How much of a risk is it
allowing logins like that?  My feeling is that if I trust the security on
the local box, it's not an issue.  Comments?

Any other suggestions/recommendations will be appreciated.

cheers



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message