PostgreSQL connections from off-site
If you want to connect directly to the PostgreSQL server from outside the college network, you must use SSL encryption. Here are four possible ways to address this.
Use the college VPN service
If you first connect using the college VPN service, then your PostgreSQL connection will be considered as being from on-site. In this case, you will not need to use SSL encryption.
Use SSH tunnelling
This is similar to using VPN but at an application-level. Use an SSH client to create a tunnel from your computer outside the network to db.doc.ic.ac.uk through one of the externally-accessible SSH servers: shell1.doc.ic.ac.uk -- shell4.doc.ic.ac.uk. Here is the syntax from a Linux terminal:
ssh -L 12345:db.doc.ic.ac.uk:5432 shell1.doc.ic.ac.uk
After you authenticate, the above command will set up a tunnel from port 12345 on your local computer to port 5432 (upon which the PostgreSQL service listens on db.doc.ic.ac.uk). You can then configure the PostgreSQL client on your local computer to connect to localhost:12345. Here is the syntax from a Linux terminal:
psql --host localhost --port 12345 -U postgreUserName --dbname=postgresDatabaseName
To be completed
SSL Connection without Authentication
To be completed
SSL Connection with Authentication
To be completed