I know Redis Cluster is still unstable, but it's been passing all the unit tests for quite a long time, so I started using it.
I would like to know if a Redis Cluster would work well if the nodes required authentication. I'm inclined to think yes, because they connect through a different port and use a different protocol, but I'm not sure and couldn't find any documentation or anything in the spec to confirm this.
Also, if the Redis Cluster protocol flies over the authentication barrier, isn't it a hole in security? Could my database be accessed by the outside world? (The port at least must be accessible so it can talk to the other nodes.)
“Under certain conditions, if Redis runs with the root account (or not even), attackers can write an SSH public key file to the root account, directly logging on to the victim server through SSH.”
When the authorization layer is enabled, Redis will refuse any query by unauthenticated clients. A client can authenticate itself by sending the AUTH command followed by the password. The password is set by the system administrator in clear text inside the redis.conf file.
ElastiCache for Redis offers default (service managed) encryption at rest, as well as ability to use your own symmetric customer managed AWS KMS keys in AWS Key Management Service (KMS).
SSH tunnel may be an easy solution:
Quick Example:
ssh -f -L 1234:localhost:6379 server.com -NC
This will route any incoming connection to localhost:1234 to the remote server.com:6379. So, you can replace server.com:6379 with localhost:1234 in your redis config file.
You could check man ssh for more information.
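A configuration check for the concerns raised in this thread, as an added example that is not part of the original question or answer: it reads one node's redis.conf and reports whether the client port is open without a password, which cluster bus port needs firewalling because AUTH does not apply to it, and whether masterauth matches requirepass so replicas can still authenticate. The sample configuration and the function names are constructed for illustration; the bus port is assumed to be the default client port plus 10000 unless cluster-port overrides it.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "-::1", "localhost"}

def parse_conf(text):
    """Return {directive: [args]} from redis.conf text; a later line overrides an earlier one."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)  # handles quoted passwords
            conf[name.lower()] = args
    return conf

def audit(text):
    """Return a list of (code, message) findings for one node's configuration."""
    conf = parse_conf(text)
    first = lambda key, default: (conf.get(key) or [default])[0]
    port = int(first("port", "6379"))
    binds = conf.get("bind", [])
    # Without a bind line Redis listens on every interface.
    exposed = not binds or any(addr not in LOOPBACK for addr in binds)
    password = first("requirepass", "")
    findings = []
    if exposed and not password:
        findings.append(("NO_AUTH",
            f"port {port} listens on a non-loopback address and requirepass is empty"))
    if first("cluster-enabled", "no") == "yes":
        # cluster-port 0 (or absent) means client port + 10000.
        bus = int(first("cluster-port", "0")) or port + 10000
        findings.append(("BUS_PORT",
            f"cluster bus on port {bus} does not use AUTH; allow it from node addresses only"))
        if password and first("masterauth", "") != password:
            findings.append(("MASTERAUTH",
                "requirepass is set but masterauth does not match; replicas cannot authenticate"))
    return findings

# Constructed sample configuration, not taken from the page.
SAMPLE = """
port 7000
bind 0.0.0.0
cluster-enabled yes
requirepass "placeholder-password"
"""

if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(f"{code}: {message}")
```

A standalone node that clients reach only through the SSH tunnel can keep `bind 127.0.0.1`, which this check treats as not exposed.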