Re: [ldm-users] Running LDM over secure port

Thank you so much.

Either way doesn’t sound fun.  I might look into IPSEC and see what it’s like.

Mike

 

From: Dave Bukowski <davebb@xxxxxxxxxxxxx> 
Sent: Saturday, February 18, 2023 11:10 AM
To: Frost, Mr. Michael <Michael.Frost@xxxxxxxxxxxxxxx>
Cc: ldm-users (ldm-users@xxxxxxxxxxxxxxxx) <ldm-users@xxxxxxxxxxxxxxxx>
Subject: Re: [ldm-users] Running LDM over secure port

 

Yes, however it is a bit complicated.  The data itself is not encrypted. The
reason I was trying to do this was to get around having to constantly update a
firewall rule and the ldmd.conf ALLOWs for a site that was on a dynamic IP
address (cable modem).

The solution I used was setting up an SSH tunnel.  So because of that the
traffic is encrypted by SSH.  You will need to configure your tunnel properly,
though.  I really can't remember all the details, but I had the server
already with SSH, but had to create the tunnel receiver to redirect for that
tunnel session to port 388, then the client needed to not only have ssh as a
client to connect, but also have persistence (say the ssh tunnel drops due to a
network failure, need to set up your public key on the receiving server).
There was a script to verify it and re-establish it.  Then had to make sure to
connect to another port instead of 388 because LDM uses 388 for the server end.
Your SSH tunnel would have to be something like 3888 (non-privileged port is
easier to work with >1024 and can be run as a mere-mortal account).  Then the
other thing to worry about.  So the answer is, it is possible, but it is a pain
in configuring.  I was mostly doing it to see if it would work and it does.

Another method, which I have not yet tested but is very doable if you have the
ability, is to set up a site-to-site or even client-to-site VPN.  OpenVPN works
very well and there are scripts that are on GitHub that make setting up the VPN
service a breeze.  I haven't played with this other than client-to-site VPN on
my pfSense router at home, but have set up the VPN on a cloud site to learn it
more on the non-network equipment end.  But this will also encrypt your data
and also get around a lot of issues and you can even set it up to LISTEN on
ports like 443 and such.  Again, just like SSH/VPN does use network and system
resources (IP/ports/memory/CPU time).

Hope those give you an idea of how to get the data encrypted.

On Thu, Feb 16, 2023 at 9:16 AM Frost, Mr. Michael via ldm-users
<ldm-users@xxxxxxxxxxxxxxxx> wrote:

Hello,

Is there a way to run LDM over secure port like an https?

Thanks,

Mike

Michael Frost
Computer Programmer, Code 7542
Marine Meteorology Division
Naval Research Laboratory
7 Grace Hopper Ave., Mail Stop 2
Monterey CA 93943
Ph (831) 656 - 4723

_______________________________________________
NOTE: All exchanges posted to Unidata maintained email lists are
recorded in the Unidata inquiry tracking system and made publicly
available through the web.  Users who post to any of the lists we
maintain are reminded to remove any personal information that they
do not want to be made public.


ldm-users mailing list
ldm-users@xxxxxxxxxxxxxxxx
For list information or to unsubscribe,  visit: 
https://www.unidata.ucar.edu/mailing_lists/ 

Attachment: smime.p7s
Description: S/MIME cryptographic signature
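
The verify-and-re-establish script mentioned in Dave Bukowski's message, shown here as an added example; it is not code from the thread or from the LDM project. The host name, account and key path are hypothetical placeholders, and the ssh options are one reasonable choice for an unattended, key-only tunnel from local port 3888 to the server's port 388.

```shell
#!/usr/bin/env bash
# Added example: re-establish an SSH local forward for LDM if it has dropped.
# Run from cron on the downstream host as an ordinary account: ./ldm-tunnel.sh run
# Host name, account and key path below are hypothetical placeholders.

REMOTE="ldmtunnel@upstream.example.org"  # hypothetical account on the LDM server
KEY="$HOME/.ssh/ldm_tunnel_ed25519"      # hypothetical key; public half goes in
                                         # the server account's authorized_keys
LOCAL_PORT=3888                          # unprivileged local end (from the message)
LDM_PORT=388                             # LDM server port on the far side

# Forward spec bound to loopback so only local processes can use the tunnel.
forward_spec() {
    echo "127.0.0.1:$LOCAL_PORT:127.0.0.1:$LDM_PORT"
}

# Verify: succeeds only if something accepts connections on the local end.
# Uses bash's /dev/tcp pseudo-device, so no extra tools are needed.
port_open() {
    (exec 3<>"/dev/tcp/127.0.0.1/$LOCAL_PORT") 2>/dev/null
}

# Re-establish: key-only, non-interactive, backgrounded once the forward is up.
start_tunnel() {
    ssh -f -N -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "$(forward_spec)" "$REMOTE"
}

# Do nothing if the tunnel answers; otherwise restart it and probe again.
ensure_tunnel() {
    port_open && return 0
    start_tunnel || return 1
    sleep 1
    port_open
}

if [ "${1:-}" = "run" ]; then
    ensure_tunnel || { echo "LDM tunnel to $REMOTE is down" >&2; exit 1; }
fi
```

With the tunnel up, the downstream LDM connects to 127.0.0.1:3888 instead of the upstream's port 388, and the upstream LDM sees the connection arriving from its own loopback address, so its ALLOW entry covers that address rather than the dynamic one.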
