On Sep 23, 2008, at 10:09 AM, Vincent Hoffman wrote:
John Almberg wrote:
I have two FreeBSD machines. One is an application server, the other a
database server running mysql. These machines are in two different
locations. I'd like to allow the application server to access mysql
through an SSH tunnel.
Being a newbie admin, I've never set up an SSH tunnel. I've been
reading about them all morning and (as always) there seems to be more
than one way to skin this cat.
I'm looking for ease of set up and maintenance, as well as security
(which I assume is a given.) I'd prefer NOT to have to recompile the
kernels (pure cowardice... the application server is a production
server that I don't want to experiment with.) Both servers have
OpenSSL.
Any recommendations, much appreciated.
Thanks: John
A very basic ssh tunnel is as simple as
ssh -L3306:127.0.0.1:3306 [EMAIL PROTECTED]
This will forward any connections to localhost on port 3306 through the
ssh connection to remote.host then on to localhost at that end on port
3306. If you have mysql running on the app server as well then change
-L3306:127.0.0.1:3306 to -L33006:127.0.0.1:3306 where 33006 is an
unused tcp port on the application server. If you do use an ssh tunnel
you may want to use security/autossh which will monitor the tunnel and
re-establish it if it loses connection for some reason.
After a few hours of work today, I have all this working perfectly.
I'm using autossh to automatically create and monitor the ssh tunnel,
and I can make mysql connections through the tunnel with no problems.
Very cool.
And that's through PF firewalls on both machines, which added flavor
to the exercise ;-)
One question... and maybe this is a general, philosophical question...
If autossh watches over my ssh tunnel, who or what watches over autossh?
As a related question, how can I make autossh start automatically
after a reboot? At the moment, I start autossh from the command line,
like so:
> autossh -M 20000 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]
There doesn't seem to be an rc.d file for autossh... Do I have to
figure out how to make one?
Not that this machine gets rebooted more than once a year, but so
far, everything running on this machine starts automatically, and I'd
like to keep it that way. Any tips much appreciated.
Thanks: John
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
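
One way to cover the two questions that close the thread (what watches autossh, and how to start it after a reboot) without writing an rc.d script is a small check script run from cron; this is an added example, not part of the original messages. The destination account, pidfile path and keepalive values are assumptions. The forward is bound to 127.0.0.1 and omits `-g`, so only processes on the application server itself can reach the forwarded mysql port.

```shell
#!/bin/sh
# Added example, not from the thread. Destination and pidfile are placeholders.
TUNNEL_DEST="${TUNNEL_DEST:-tunnel@db.example.org}"  # placeholder account@host
LOCAL_PORT=33006      # unused port on the application server (as in the thread)
REMOTE_PORT=3306      # mysql on the database server
MONITOR_PORT=20000    # autossh -M monitoring port (as in the thread)
PIDFILE="${PIDFILE:-/var/run/autossh-mysql.pid}"     # assumed path
AUTOSSH_BIN="${AUTOSSH_BIN:-autossh}"

# Print the autossh arguments as space-separated words.
# Loopback bind address and no -g: the port is not offered to other hosts.
# ExitOnForwardFailure makes ssh exit if the port cannot be bound, so a
# half-working tunnel is restarted instead of lingering.
tunnel_args() {
    printf '%s ' -M "$MONITOR_PORT" -f -N \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "127.0.0.1:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}" \
        "$TUNNEL_DEST"
}

# Succeed only if the pidfile names a live process owned by this user.
tunnel_running() {
    [ -r "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE")
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: treat as stale
    esac
    kill -0 "$pid" 2>/dev/null
}

# Start autossh unless it is already running; report what happened.
ensure_tunnel() {
    if tunnel_running; then
        echo running
        return 0
    fi
    # AUTOSSH_PIDFILE makes autossh record its pid for the next check.
    env AUTOSSH_PIDFILE="$PIDFILE" "$AUTOSSH_BIN" $(tunnel_args) || return 1
    echo started
}

if [ "${1:-}" = "run" ]; then
    ensure_tunnel
fi
```

Called with `run` from the tunnel user's crontab, once under `@reboot` and once on a periodic schedule, the same script both starts the tunnel at boot and restarts autossh if it ever exits. Because `-f` leaves ssh unable to prompt, the account needs key-based authentication without a passphrase prompt.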