Received: from localhost (unknown [200.46.204.183])
	by mail.postgresql.org (Postfix) with ESMTP id 698D664FE11
	for <pgsql-docs-postgresql.org@mail.postgresql.org>;
	Thu, 20 Nov 2008 04:26:48 -0400 (AST)
Received: from mail.postgresql.org ([200.46.204.86])
	by localhost (mx1.hub.org [200.46.204.183]) (amavisd-maia, port 10024)
	with ESMTP id 59843-09 for
	<pgsql-docs-postgresql.org@mail.postgresql.org>;
	Thu, 20 Nov 2008 04:26:45 -0400 (AST)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by mail.postgresql.org (Postfix) with SMTP id 0C68A64FDD5
	for <pgsql-docs@postgresql.org>; Thu, 20 Nov 2008 04:26:44 -0400 (AST)
Received: (qmail invoked by alias); 20 Nov 2008 08:26:42 -0000
Received: from muc-ea-fw-1-imap.sun.com (EHLO
	dhcp-eesp05-101-154.Finland.Sun.COM) [192.9.112.196]
	by mail.gmx.net (mp015) with SMTP; 20 Nov 2008 09:26:42 +0100
X-Authenticated: #495269
X-Provags-ID: V01U2FsdGVkX19xnAI2iblx5PDl05JKulJYEudQaxpJjw/IGysFWt
	jJdzMC0Y356cFR
Message-ID: <49251F3F.7080300@gmx.net>
Date: Thu, 20 Nov 2008 10:26:39 +0200
From: Peter Eisentraut <peter_e@gmx.net>
User-Agent: Thunderbird 2.0.0.17 (Macintosh/20080914)
MIME-Version: 1.0
To: P Kapat <kap4lin@gmail.com>
CC: pgsql-docs@postgresql.org
Subject: Re: Incomplete online documentation on conecting via ssh tunnels
References: <daef5be80811191631sa3290feub2cbf0dd26d01bc7@mail.gmail.com>
In-Reply-To: <daef5be80811191631sa3290feub2cbf0dd26d01bc7@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-FuHaFi: 0.66
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Spam-Status: No, hits=2.499 tagged_above=0 required=5
	tests=FB_WORD1_END_DOLLAR=1, WEIRD_PORT=1.499
X-Spam-Level: **
X-Archive-Number: 200811/13
X-Sequence-Number: 4998

P Kapat wrote:
> The relevant documentations are (replace 8.3 by 8.2 or 8.1 or...):
> http://www.postgresql.org/docs/8.3/static/ssh-tunnels.html
> 
> The concerned command is:
> client$ ssh -L 3333:foo.com:5432 joe@foo.com
> 
>>From the discussion on the novice list, I came to the conclusion that
> the above command works only when listen_addresses = '*' OR
> listen_addresses = 'a.b.c.d'
> (where a.b.c.d is the IP of foo.com; other IPs can be present too)  is
> set in postgresql.conf.
> 
> But in most cases, for security reason, the server is quarantined
> within localhost by setting: listen_addresses = 'localhost'.
> 
> In this case, the ssh tunnel does not work. The correct command is:
> client$ ssh -L 3333:localhost:5432 joe@foo.com
> OR
> client$ ssh -L 3333:127.0.0.1:5432 joe@foo.com

You are absolutely correct.  Someone already pointed this out 
independently, and the 8.4devel documentation has much better 
information on this:

http://developer.postgresql.org/pgdocs/postgres/ssh-tunnels.html