Re: [ldm-users] Running LDM over secure port

I forgot to mention in my reply:

Just sending it over HTTPS port does not encrypt it.  It needs to be
encrypted at the source.  All ports are unencrypted.  It needs to be
encrypted at some point before it touches the network.  So just to remind
everyone on the list: port 443 / HTTPS is NOT ENCRYPTED.  Just changing
the port does not encrypt any data.  The application is what encrypts it.
So, as David Wojtowicz commented, it needs to ride on top of an
encrypted/secure channel (like ssh/vpn, as I mentioned) in which the data
within that channel is then encrypted.

I just want to clarify that changing ports does nothing to encrypt the data
for those on this list who are not familiar with
networking/network_protocols/encryption in general.




On Sat, Feb 18, 2023 at 1:09 PM Dave Bukowski <davebb@xxxxxxxxxxxxx> wrote:

> Yes, however it is a bit complicated.  The data itself is not encrypted.
> The reason I was trying to do this was to get around having to constantly
> update a firewall rule and the ldmd.conf ALLOWs for a site that was on a
> dynamic IP address (cable modem).
>
> The solution I used was setting up an SSH tunnel.  So because of that the
> traffic is encrypted by SSH.  You will need to configure your tunnel
> properly, though.  I really can't remember all the details, but I had the server
> already with SSH, but had to create the tunnel receiver to redirect for
> that tunnel session to port 388, then the client needed to not only have
> ssh as a client to connect, but also have persistence (say the ssh tunnel
> drops due to a network failure, need to set up your public key on the
> receiving server).  There was a script to verify it and re-establish it.
> Then had to make sure to connect to another port instead of 388 because LDM
> uses 388 for the server end.  Your SSH tunnel would have to be something
> like 3888 (non-privileged port is easier to work with >1024 and can be run
> as a mere-mortal account).  Then the other thing to worry about.  So the
> answer is, it is possible, but it is a pain in configuring.  I was mostly
> doing it to see if it would work and it does.
>
> Another method, which I have not yet tested but which is very doable if you
> have the ability, is to set up a site-to-site or even client-to-site VPN.
> OpenVPN works very well and there are scripts that are on GitHub that make
> setting up the VPN service a breeze.  I haven't played with this other than
> client-to-site VPN on my pfSense router at home, but have set up the VPN on
> a cloud site to learn it more on the non-network equipment end.  But this
> will also encrypt your data and also get around a lot of issues and you can
> even set it up to LISTEN on ports like 443 and such.  Again, just like
> SSH/VPN does use network and system resources (IP/ports/memory/CPU time).
>
> Hope those get an idea of how to get the data encrypted.
>
>
>
> On Thu, Feb 16, 2023 at 9:16 AM Frost, Mr. Michael via ldm-users <
> ldm-users@xxxxxxxxxxxxxxxx> wrote:
>
>> Hello,
>>
>>
>>
>> Is there a way to run LDM over a secure port like HTTPS?
>>
>>
>>
>> Thanks,
>>
>> Mike
>>
>>
>>
>> Michael Frost
>>
>> Computer Programmer, Code 7542
>>
>> Marine Meteorology Division
>>
>> Naval Research Laboratory
>>
>> 7 Grace Hopper Ave., Mail Stop 2
>>
>> Monterey CA 93943
>>
>> Ph (831) 656 - 4723
>>
>>
>> _______________________________________________
>> NOTE: All exchanges posted to Unidata maintained email lists are
>> recorded in the Unidata inquiry tracking system and made publicly
>> available through the web.  Users who post to any of the lists we
>> maintain are reminded to remove any personal information that they
>> do not want to be made public.
>>
>>
>> ldm-users mailing list
>> ldm-users@xxxxxxxxxxxxxxxx
>> For list information or to unsubscribe,  visit:
>> https://www.unidata.ucar.edu/mailing_lists/
>>
>
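
The tunnel setup described in the quoted message (an SSH local forward from an unprivileged port such as 3888 to LDM's port 388, key-based login, and a script that re-establishes the tunnel when it drops), as an added example that is not from the thread or from the LDM project. The host name, account and key path are placeholders, and the ssh options are one reasonable choice, not the poster's actual configuration.

```sh
# Added example (placeholders: UPSTREAM, SSH_USER, KEY; ports from the thread).
UPSTREAM="${UPSTREAM:-ldm-upstream.example.org}"
SSH_USER="${SSH_USER:-ldmtunnel}"
KEY="${KEY:-$HOME/.ssh/ldm_tunnel_key}"
LOCAL_PORT="${LOCAL_PORT:-3888}"
LDM_PORT=388

# Accept only a numeric port above 1024 so the tunnel runs without root.
valid_local_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 1024 ] && [ "$1" -le 65535 ]
}

# Bind the local end to loopback so other hosts cannot use the forward.
forward_spec() {
    printf '127.0.0.1:%s:127.0.0.1:%s' "$1" "$LDM_PORT"
}

# Double the retry delay, capped at 60 seconds.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt 60 ]; then d=60; fi
    printf '%s' "$d"
}

# BatchMode: key login only, never prompt. ExitOnForwardFailure: fail if the
# port cannot be bound. ServerAlive*: exit after ~90 s of a dead link.
run_tunnel() {
    ssh -N -i "$KEY" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "$(forward_spec "$LOCAL_PORT")" "${SSH_USER}@${UPSTREAM}"
}

watchdog() {
    valid_local_port "$LOCAL_PORT" || { echo "bad LOCAL_PORT" >&2; return 2; }
    delay=5
    while :; do
        start=$(date +%s)
        run_tunnel
        # A session that lasted over two minutes was healthy: reset backoff.
        if [ $(( $(date +%s) - start )) -gt 120 ]; then delay=5; fi
        echo "tunnel down, retry in ${delay}s" >&2; sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

if [ "${1:-}" = "run" ]; then watchdog; fi
```

Saved under any file name and started with the single argument `run` from an unprivileged account, the script keeps the forward up; the downstream LDM then connects to 127.0.0.1 port 3888 instead of the upstream's port 388.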