However, the server seems to be showing a lot of unnecessary info to the user.
Just as expected, dbuser wasn't able to log into the server. Let's SSH into our server with dbuser and you should see similar output as the following: While it worked for the GUI client, we still need to make sure that dbuser has no SSH access. Here's a sample screenshot from TablePlus. Now setup your respective GUI tool to connect to MySQL / PostgreSQL via SSH, it should work. Now restart the SSH service for the new settings to take effect. With these 2 lines, we have enabled PasswordAuthentication specifically for dbuser only and not anyone else. Go to the end of the file ( very important to be the end of the file) and add the following lines: Match user dbuser
Here, we want to enable password authentication specifically for dbuser so that it's easier for a non-technical user to login via his favourite database GUI. If you follow the best practises around for SSH, you would probably have disabled password authentication for your server. While this stops the user from accessing SSH, it does not block the user from tunnelling through SSH and accessing the databases as you will see. That way when dbuser tries to SSH into the server, his shell access would be closed immediately preventing him from tinkering around in the server.
sudo useradd -s /usr/sbin/nologin dbuserīasically what /usr/sbin/nologin does is to create a shell that has no login access. Let's get started with these 5 simple steps. It's actually pretty easy to do so in Ubuntu. Sometimes we need to add a user to a pretty locked down server just for them to login to MySQL / PostgreSQL via their GUI client without giving them any other access. How to Create a Restricted User to Connect to MySQL / PostgreSQL Remotely via GUI Client without SSH Access
0 kommentar(er)
