cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Secure connection from application server to database server

Former Member

on ‎02-05-2008 12:59 PM

0 Kudos

Hi,

I have this situation where I want my SAP application to connect to the oracle database by means of standard brtools (brconnect, brbackup etc.). The SAP application (nw70) is running on host A, the database on a separate database server B. Both are running on Linux. As described in various notes (for example 1025707), 3 options are possible:

- connection via a SAP gateway which resides on the database server.

- connection via rsh, so that commands can be run directly on the database server by issuing rsh from of the application server.

- installing a SAP application server on the database server.

The last option is only a serious option if you would need an extra application server which is not the case. That leaves two options. rsh is by far the easiest way to implement but not secure which - in my opinion - makes it not a good option either. With security in mind, that would mean that only a SAP gateway is a serious option to create a database connection in case of a separate database host. I would prefer to keep my database server as clean as possible so only a database running on it and nothing else, including a SAP gateway. I also think a better option should be available than installing a gateway, which is secure and as simple as rsh. Perhaps ssh can be configured the same way as rsh without the need of providing a password. Any ideas?

Regards,

GJ

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎02-05-2008 1:31 PM
0 Kudos 
Perhaps ssh can be configured the same way as rsh without the need of providing a password. Any ideas?

Yes, this is possible, you can generate a public/private key pair. This is quite simple and commonly used today. Check the man page of ssh-keygen, or google for it, there is a lot of information on this issue.

- Basically you just need to generate the keys on the application server:

ssh-keygen -t dsa

- Then copy the contents of id_dsa.pub into the database servers .ssh/authorized_keys file

You should be able to alter the br* commands in the SAP to something like ssh <dbhost> -c "<original_cmd>"

Best regards, Michael

Show replies
Show replies
Former Member
‎02-18-2008 9:33 AM
0 Kudos

Hi Michael,

I have created the keys and on OS level this works fine. I have chosen not to use a passprase as configuration becomes more difficult then to make a logon without user interaction possible. If you want to use a passphrase without logon, you will need ssh-agent. My systems are LAN only and quite secure so I did not use it. Thanks.

Regards,

Gert-Jan

Ask a Question