mysql connection through ssl tunnel

Vincent Hoffman vince at
Tue Sep 23 14:09:14 UTC 2008

John Almberg wrote:
> I have two FreeBSD machines. One is a application server, the other a
> database server running mysql. These machines are in two different
> locations. I'd like to allow the application server to access mysql
> through an SSH tunnel.
> Being a newbie admin, I've never set up an SSH tunnel. I've been
> reading about them all morning and (as always) there seems to be more
> than one way to skin this cat.
> I'm looking for ease of set up and maintenance, as well as security
> (which I assume is a given.) I'd prefer NOT to have to recompile the
> kernels (pure cowardice... the application server is a production
> server that I don't want to experiment with.) Both servers have OpenSSL.
> Any recommendations, much appreciated.
> Thanks: John

A very basic ssh tunnel is a simple as
ssh -L3306: user at

This will forward any connections to localhost on port 3306 through the
ssh connection to then on to localhost at that end on port
3306. if you have mysql running on the app server as well then change
-L3306: to -L33006:  where 33006 is an
unused tcp port on the application server. If you do use an ssh tunnel
you may want to use security/autossh which will monitor the tunnel and
re-establish it if it loses connection for some reason.

You could also look at using stunnel to use a ssl tunnel rather than an
ssh tunnel (see for a basic
example) I havent used this on FreeBSD (never needed it) so the port may
install an easier way of setting up persistant tunnels.


> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list