Re: Ignoring username parameter when connecting via ssh tunnel

Wed, 02 Feb 2005 07:19:38 -0800 

On Wednesday 02 February 2005 15:39, Richard Curtis wrote:
> I am trying to connect to my mysql server through an SSH tunnel.
> On the server, I have a local instance of mysql running, but one of the
> hosted domains needs to access another remote mysql server.  For security,
> I want to connect to the remote server via an ssh tunnel.
> I am creating the tunnel using the following command:
> ssh -L 3307:xxx.xxx.xxx.xxx:3306 -l root -N xxx.xxx.xxx.xxx -f
> This creates a tunnel so I can connect to port 3307 on the local server,
> and end up talking to the remote server on 3306.
> Telneting to 127.0.0.1:3307 gives me the mysql handshake.
>
> Now the fun begins when I try to use the connection.  If I do:
>
> mysql -h xxx.xxx.xxx.xxx -u leg_shop -p, I can log into the remote server
> using the username leg_shop.
> This works fine with no problems except the fact the traffic is not
> encrypted as it isnt using the ssh tunnel.
>
> If I do:
> mysql -h 127.0.0.1 -P 3307 -u leg_shop -p, it connects to the remote server
> through the ssh tunnel, but for some insane reason, it ignores the "-u
> leg_shop".
>
> I can enter any username of my choice (e.g. a user which is DEFINATELY not
> valid on the remote server), and yet it still connects.
>
> Am I missing something here ?
> On the server where I am trying to connect FROM, it has mysql client "mysql
>  Ver 14.7 Distrib 4.1.7, for pc-linux (i686)", and on the remote server I
> am trying to connect to via the tunnel, it is running "mysql  Ver 12.22
> Distrib 4.0.16, for pc-linux (i686)"
>
> Any ideas or suggestions welcome.
>
> Richard

I believe that your mysql server gets the local ip address (127.0.0.1) as 
connection source and not the one from your remote host which you are 
connecting from.

You're granted access from the anonymous user which is default entered in the 
mysql.user table.

I would suggest to 
1.) delete this users with
use mysql; delete from user where user=''; flush privileges;
2.) Try to reconnect via ssh tunnel. This should be denied now.
3.) alter the host-entry from the leg_shop user to 'localhost' and try 
connecting again.

Regards,
bh

-- 
____________________________________________________________________
Bernhard Fiser                     [EMAIL PROTECTED]
Telekommunikation und Medien
Fachhochschule St. Pölten/St. Poelten University of Applied Sciences
Herzogenburger Straße 68 | 3100 St. Pölten | +43 (0) 2742 313228 48

Attachment: pgpLt1CauEqfO.pgp
Description: PGP signature

Reply via email to