> > I am trying to connect to my mysql server through an SSH tunnel. > > On the server, I have a local instance of mysql running, but one of the > > hosted domains needs to access another remote mysql server. For security, > > I want to connect to the remote server via an ssh tunnel. > > I am creating the tunnel using the following command: > > ssh -L 3307:xxx.xxx.xxx.xxx:3306 -l root -N xxx.xxx.xxx.xxx -f > > This creates a tunnel so I can connect to port 3307 on the local server, > > and end up talking to the remote server on 3306. > > Telneting to 127.0.0.1:3307 gives me the mysql handshake. > > > > Now the fun begins when I try to use the connection. If I do: > > > > mysql -h xxx.xxx.xxx.xxx -u leg_shop -p, I can log into the remote server > > using the username leg_shop. > > This works fine with no problems except the fact the traffic is not > > encrypted as it isnt using the ssh tunnel. > > > > If I do: > > mysql -h 127.0.0.1 -P 3307 -u leg_shop -p, it connects to the remote > server > > through the ssh tunnel, but for some insane reason, it ignores the "-u > > leg_shop". > > > > I can enter any username of my choice (e.g. a user which is DEFINATELY not > > valid on the remote server), and yet it still connects. > > > > Am I missing something here ? > > On the server where I am trying to connect FROM, it has mysql client > "mysql > > Ver 14.7 Distrib 4.1.7, for pc-linux (i686)", and on the remote server I > > am trying to connect to via the tunnel, it is running "mysql Ver 12.22 > > Distrib 4.0.16, for pc-linux (i686)" > > > > Any ideas or suggestions welcome. > > > > Richard > > I believe that your mysql server gets the local ip address (127.0.0.1) as > connection source and not the one from your remote host which you are > connecting from. > > You're granted access from the anonymous user which is default entered in the > > mysql.user table. > > I would suggest to > 1.) delete this users with > use mysql; delete from user where user=''; flush privileges; > 2.) Try to reconnect via ssh tunnel. This should be denied now. > 3.) alter the host-entry from the leg_shop user to 'localhost' and try > connecting again. > > Regards, > bh
Absolutely right. By removing the anonymous entry, it now works as I'd expected :) Thanks all Richard -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
