mysql connection through ssl tunnel

Peter Boosten peter at boosten.org
Mon Oct 20 20:09:31 PDT 2008


John Almberg wrote:
> 
> I tried this, and not surprisingly, it didn't work. Now I'm trying to
> debug it...
> 

Maybe some mixup in the keys? In my example ssh tries to read the
private key of root on the connecting server, so the server where the
database is located, because init is run as root. If you need another
key, then you need to specify this with the -i parameter.



> Question... if I want to ssh from the database server to the application
> server (in the direction show -R), I need to use port 48444 (not the
> actual port, but something high). In other words, I need to do something
> like:
> 
>     ssh admin@example.com -p 48444
> 
> Does this ssh port have anything to do with trying to start this ssh
> tunnel? In other words, do I need to add a '-p 48420' to the ttyv7 command?
> 

The command given shows a connection between the two ports (in my case
3306). One of them would then be 48420 (the first one).

thus:

ttyv7   "/usr/bin/ssh -l admin -nNTx -R 48420:local.domain.tld:3306 remote.domain.tld >/dev/null 2>&1"    unknown on

This works by allocating a socket to listen to 48420 on the remote
side, and whenever a connection is made to this port, the connection
is forwarded over the secure channel, and a connection is made to
local.domain.tld port 3306 from the local machine.

Obviously you would have to replace local.domain.tld and
remote.domain.tld with actual FQDNs or IP addresses. Furthermore, since
this connection is being made by root (which it normally isn't), you need
to verify the host key of the remote server (by either putting it in
known_hosts of root by hand, or making the connection once from the prompt
and answering 'y', or putting the key in /etc/ssh/ssh_known_hosts).

The connection on the remote host indeed is made with:

    mysql -h 127.0.0.1 -P 48420 -u user -p password db

regards

Peter

-- 
http://www.boosten.org
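
The unattended tunnel discussed in this thread, as an added shell example that is not part of the original messages: it builds the ssh command for the /etc/ttys entry with an explicit identity file and options that make ssh fail instead of prompting when init runs it, and it keeps the sshd port (-p) separate from the -R listening port. The key path /root/.ssh/tunnel_key, the function names and the choice of -o options are assumptions; hosts and ports are the thread's placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. The key path and the -o options are
# assumptions; hosts and ports are the thread's placeholders.

# valid_port N: succeeds if N is an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# split_forward SPEC: prints "listen_port target_host target_port" for a -R
# argument of the form port:host:hostport (the form used in the thread).
split_forward() {
    case "$1" in *[!A-Za-z0-9.:-]*) return 1 ;; esac  # no spaces, globs, quotes
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
    [ $# -eq 3 ] && [ -n "$2" ] && valid_port "$1" && valid_port "$3" || return 1
    echo "$1 $2 $3"
}

# build_tunnel_cmd USER REMOTE SSHD_PORT FORWARD KEYFILE
# Prints the command to put in the /etc/ttys entry. -p is the port the remote
# sshd accepts logins on; the first field of -R is a separate port that sshd
# opens on the remote side once the session is up.
build_tunnel_cmd() {
    valid_port "$3" || { echo "bad sshd port: $3" >&2; return 1; }
    split_forward "$4" >/dev/null || { echo "bad -R spec: $4" >&2; return 1; }
    # BatchMode=yes: init has no terminal, so fail instead of prompting.
    # StrictHostKeyChecking=yes: refuse a host that is not in known_hosts.
    # ExitOnForwardFailure=yes: exit if the remote listener cannot be opened.
    echo "/usr/bin/ssh -l $1 -p $3 -i $5 -nNTx -o BatchMode=yes" \
         "-o StrictHostKeyChecking=yes -o ExitOnForwardFailure=yes -R $4 $2"
}

# client_endpoint FORWARD: address and port the MySQL client on the remote host
# uses. Assumes the sshd default (GatewayPorts no): listener bound to loopback.
client_endpoint() {
    fields=$(split_forward "$1") || return 1
    echo "127.0.0.1 ${fields%% *}"
}

# Constructed sample run (48444 as the sshd port, 48420 as the forwarded port).
build_tunnel_cmd admin remote.domain.tld 48444 \
    48420:local.domain.tld:3306 /root/.ssh/tunnel_key
client_endpoint 48420:local.domain.tld:3306
```

With BatchMode and StrictHostKeyChecking set this way, a missing host key or a key that needs a passphrase makes ssh exit with an error instead of waiting for input that init cannot supply.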

