PostgreSQL Maestro online Help
Prev | Return to chapter overview | Next |
Connection parameters
PostgreSQL Maestro allows you to connect to PostgreSQL directly, or via Secure SHell (SSH) tunnel, or HTTP tunnel.
• | Direct connection |
It is the most natural and the most preferable connection mode. Use it each time it is possible.
• | SSH tunnel connection |
If your PostgreSQL server does not allow direct connections from your remote workstations, you can establish connection to an allowed intermediate SSH server and forward all PostgreSQL commands through the Secure SHell (SSH) tunnel.
• | HTTP tunnel connection |
HTTP tunneling is a technique used in conditions of restricted network connectivity including firewalled networks, networks behind proxy servers, and NATs. It is the slowest way and is recommended to use if the others are impossible.
Irrespectively of a connection mode you should specify common credentials as follows:
Host
The host name of the PostgreSQL server.
Port number
The TCP/IP port to use. Default PostgreSQL port is 5432.
SSL Options
It is possible for both the client and server to provide SSL certificates to each other. It takes some extra configuration on each side, but this provides stronger verification of identity than the mere use of passwords. For more information about using SSL encryption, see the PostgreSQL documentation.
First, specify the SSL Mode to be used. You can Disable, Allow, Prefer or Require SSL encryption. Select Verify-CA to allow the server to verify that the client's certificate is signed by one of the trusted certificate authorities. If Verify-Full is selected, the server will not only verify the certificate chain, but it will also check whether the username or its mapping matches the cn (Common Name) of the provided certificate.
Client certificate Use this field to specify the file containing the client SSL certificate. This file will replace the default ~/.postgresql/postgresql.crt if pgAdmin is installed in Desktop mode, and <STORAGE_DIR>/<USERNAME>/.postgresql/postgresql.crt if pgAdmin is installed in Web mode. This parameter is ignored if an SSL connection is not made.
Client certificate key Specify here the file containing the secret key used for the client certificate. This file will replace the default ~/.postgresql/postgresql.key if pgAdmin is installed in Desktop mode, and <STORAGE_DIR>/<USERNAME>/.postgresql/postgresql.key if pgAdmin is installed in Web mode. This parameter is ignored if an SSL connection is not made.
Root certificate Specify here the file containing the SSL certificate authority. This file will replace the default ~/.postgresql/root.crt. This parameter is ignored if an SSL connection is not made.
Certificate revocation list Use this field to specify the file containing the SSL certificate revocation list. This list will replace the default list, found in ~/.postgresql/root.crl. This parameter is ignored if an SSL connection is not made.
SSL compression If this option is ON, data sent over SSL connections will be compressed. The default value is False (compression is disabled). This parameter is ignored if an SSL connection is not made. |
User name
The username used to connect to PostgreSQL.
Password
The password for the user account on server.
More about SSH tunnel connection
To establish connection to intermediate SSH server and forward all PostgreSQL commands through the secure tunnel, you need to:
Host name Specify the host name or IP of your site. Note, that PostgreSQL host name always should be set relatively to the SSH server. For example, if both of PostgreSQL and SSH servers are located on the same computer, you should specify localhost as Host name instead of server's external host name or IP address.
Port number Enter the port number for the SSH server. 4. Enter valid User name for the remote server and select the Authentication method and set corresponding credentials.
Password-based Set the password corresponding to the specified user.
Key-based Specify the path to the Private key file with the corresponding Passphrase to log in to the remote server. PostgreSQL Maestro accepts keys in ssh.com or OpenSSH formats. To convert a private key from PuTTY's format to one of the formats supported by our software, use the PuTTYgen utility that can be freely downloaded from the PuTTY website.
Keyboard interactive Keyboard authentication is the advanced form of password authentication, aimed specifically at the human operator as a client. During keyboard authentication zero or more prompts (questions) is presented to the user. The user should give the answer to each prompt (question). The number and contents of the questions are virtually not limited, so certain types of automated logins are also possible. |
More about connection via HTTP tunnel
To connect to a remote server using an HTTP tunnel, you need to:
Note: You are actually connecting to your database through the PHP script on the server, so in most cases the host/server name is "localhost" unless the target database server is not installed on the same computer as the Web server.
|