> I am trying to connect to my mysql server through an SSH tunnel. > On the server, I have a local instance of mysql running, but > one of the hosted > domains needs to access another remote mysql server. For > security, I want to > connect to the remote server via an ssh tunnel. > I am creating the tunnel using the following command: > ssh -L 3307:xxx.xxx.xxx.xxx:3306 -l root -N xxx.xxx.xxx.xxx -f > This creates a tunnel so I can connect to port 3307 on the > local server, and end > up talking to the remote server on 3306. > Telneting to 127.0.0.1:3307 gives me the mysql handshake. > > Now the fun begins when I try to use the connection. If I do: > > mysql -h xxx.xxx.xxx.xxx -u leg_shop -p, I can log into the > remote server using > the username leg_shop. > This works fine with no problems except the fact the traffic > is not encrypted as > it isnt using the ssh tunnel. > > If I do: > mysql -h 127.0.0.1 -P 3307 -u leg_shop -p, it connects to the > remote server > through the ssh tunnel, but for some insane reason, it ignores the "-u > leg_shop". > > I can enter any username of my choice (e.g. a user which is > DEFINATELY not valid > on the remote server), and yet it still connects. > > Am I missing something here ? > On the server where I am trying to connect FROM, it has mysql > client "mysql Ver > 14.7 Distrib 4.1.7, for pc-linux (i686)", and on the remote > server I am trying > to connect to via the tunnel, it is running "mysql Ver 12.22 > Distrib 4.0.16, > for pc-linux (i686)" > > Any ideas or suggestions welcome. > > Richard
Since you are using an ssh tunnel, you will be able to connect with any username if you have not removed the anonymous accounts from the user table. This is because to mysql, I believe that it will look like these connections are coming for the local machine. You could test this by putting -p nothepassword on your connect line and look at the access denied message to see who you are connecting as. What I am trying to say is that connecting from the remote machine with out the tunnel is not the same as connecting with the tunnel as far as permissions are concerned. --- Tom Crimmins Interface Specialist Pottawattamie County, Iowa -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
