SSH is a protocol that allows users to securely log onto and interact with remote systems on the Internet by connecting a client program to an SSH server. SSH provides a mechanism for establishing a cryptographically secured connection between two endpoints, a client and a remote server, which authenticate each other and exchange messages. It employs different forms of symmetrical encryption, asymmetrical encryption, and hashing.
You can use SSH to secure the network connection between a Delphi application and a MySQL server. Over an SSH session, you can also execute shell commands as if you were physically operating the remote machine.
Devart offers a solution called SecureBridge that allows you to create a Delphi SSH client and a server. You can embed the SSH client into your application and install the SSH server on a remote machine where the MySQL server resides. The SSH client connects to the SSH server, which sends all commands to the remote MySQL server. This tutorial demonstrates how to create a sample Delphi application that connects to MySQL using SSH as the encryption method.
SSH key-based authentication uses public and private keys, which a client uses to authenticate itself when logging into an SSH server. The server key is used by the client to authenticate the SSH server and is specified in the TScSSHClient.HostKeyName property. The client key is used by the SSH server to authenticate the client and is specified in the TScSSHClient.PrivateKeyName property. Note that the private key contains the public key. See the SecureBridge tutorial on configuring the SSH server.
An SSH server is required to replicate the steps in this tutorial and encrypt the network connection between the client application and the MySQL server. You can build the SSH server demo project that is distributed with SecureBridge ('Documents\Devart\MyDAC for RAD Studio\Demos\TechnologySpecific\SecureBridge\Demo') and run the executable file.
After installing MyDAC and SecureBridge software on your system, install the TMySSHIOHandler component in RAD Studio to bind MyDAC with SecureBridge. The installation instructions are provided in the Readme.html, which is located by default in "My Documents\Devart\MyDAC for RAD Studio XX\Demos\TechnologySpecific\SecureBridge\".
You are not required to use the SecureBridge TScSSHServer component as the SSH server - you can use any other server that implements the SSH protocol.
The following is the step-by-step sequence of actions for the simplest case, using OpenSSH for Windows. For a detailed description of each command, see the OpenSSH documentation.
ssh.exe -L <SSH port>:<MySQL server>:<MySQL server port> <SSHUser>@<SSH server>
<SSH port> - port number on the SSH client that will be redirected to the corresponding port of the MySQL server
<MySQL server> - name or IP address of the machine where the MySQL server is installed
<MySQL server port> - port number of the MySQL server. Usually 3306.
<SSHUser> - user name created in step 2
<SSH server> - name or IP address of the machine where the SSH server was installed in step 2
For example,
ssh.exe -L 3307:server:3306 [email protected]
On the first start, you will be asked to confirm the connection to the specified SSH server. Enter "yes" to confirm.
On each start of SSH, you must enter the password set in step 2.
MyConnection1.Server := <SSH client>;
MyConnection1.Port := <SSH port>;
If the SSH client is installed on the same machine as the MySQL client, you can assign 'localhost' to MyConnection1.Server.
Note that in the sequence above, SSHUser authentication is performed by Windows. For stronger protection methods (key authentication, etc.), see the OpenSSH documentation.
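The forwarding command above, hardened for key authentication, as an added example that is not part of the original tutorial or of OpenSSH: a POSIX shell helper that validates the tutorial's parameters and prints an ssh command line, which ssh.exe accepts unchanged. The function names, the sample values and the key file path are assumptions, and StrictHostKeyChecking=yes presumes the server's host key is already recorded in known_hosts.

```shell
#!/bin/sh
# Added example: build a hardened "ssh -L" command line for the MySQL tunnel.
# Prints the command on stdout; returns non-zero on malformed or unsafe input.

# True if $1 is a decimal TCP port in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# True if $1 is a plain host or user name (letters, digits, '.', '_', '-').
# A leading '-' is refused so a value can never be parsed by ssh as an option.
# IPv6 literals are out of scope for this sketch.
is_token() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Usage: build_tunnel_cmd <SSH port> <MySQL server> <MySQL server port> \
#                         <SSHUser> <SSH server> <private key file>
build_tunnel_cmd() {
    [ "$#" -eq 6 ] || { echo "expected 6 arguments" >&2; return 2; }
    is_port "$1" || { echo "bad SSH port: $1" >&2; return 1; }
    is_port "$3" || { echo "bad MySQL server port: $3" >&2; return 1; }
    is_token "$2" && is_token "$4" && is_token "$5" ||
        { echo "bad host or user name" >&2; return 1; }
    case "$6" in
        ''|-*|*\"*) echo "bad key file path" >&2; return 1 ;;
    esac
    # -N                        forward only, no remote shell
    # -i / IdentitiesOnly       offer this key and nothing else
    # PasswordAuthentication=no never fall back to a typed password
    # StrictHostKeyChecking=yes refuse unknown or changed server keys
    # ExitOnForwardFailure=yes  exit if the local port cannot be bound
    # 127.0.0.1:                listen on loopback only
    printf 'ssh -N -i "%s" -o IdentitiesOnly=yes -o PasswordAuthentication=no' "$6"
    printf ' -o StrictHostKeyChecking=yes -o ExitOnForwardFailure=yes'
    printf ' -L 127.0.0.1:%s:%s:%s %s@%s\n' "$1" "$2" "$3" "$4" "$5"
}

# Constructed sample values (not from the tutorial).
build_tunnel_cmd 3307 server 3306 sshuser sshhost keys/id_ed25519
```

With the tunnel bound to 127.0.0.1, MyConnection1.Server stays 'localhost' and MyConnection1.Port is the <SSH port> value passed as the first argument.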
For more detailed information on using encrypted connections, refer to the MySQL Reference Manual.