difficulty using mysql with ssh tunneling
I've set up an ssh tunnel between my local machine and a remote host (Fred) as follows:

    ssh daveg@fred -L 3306:localhost:3306

in an effort to access a remote mysql database running on fred. I've verified that the tunnel is working by telnetting into fred 3306 and seeing the mysql version info from the remote solaris system. If I now enter:

    mysql --host=localhost -udavid -ppassword

(david and password are the mysql username and password), I get the following:

    ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

So, for some reason, mysql is convinced I'm running a local mysqld and is trying to hook up to it. Of course there's no local daemon running, so it chokes when it can't find the socket. Is there any reason it is not simply reaching out to port 3306 locally and thus finding the tunnel?

thanks,
--David Goodstein

-
Before posting, please check:
   http://www.mysql.com/manual.php (the manual)
   http://lists.mysql.com/ (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Re: difficulty using mysql with ssh tunneling
At 18:20 -0800 2/26/02, David M. Goodstein wrote:

> I've set up an ssh tunnel between my local machine and a remote host (Fred) as follows:
>
>     ssh daveg@fred -L 3306:localhost:3306
>
> in an effort to access a remote mysql database running on fred. I've verified that the tunnel is working by telnetting into fred 3306 and seeing the mysql version info from the remote solaris system. If I now enter:
>
>     mysql --host=localhost -udavid -ppassword
>
> (david and password are the mysql username and password), I get the following:
>
>     ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
>
> So, for some reason, mysql is convinced I'm running a local mysqld and is trying to hook up to it. Of course there's no local daemon running, so it chokes when it can't find the socket. Is there any reason it is not simply reaching out to port 3306 locally and thus finding the tunnel?

The name localhost is special to MySQL, which always interprets it as meaning use a UNIX socket. Try 127.0.0.1 instead.

> thanks,
> --David Goodstein

Subject: Mini-HOWTO: MySQL over SSH tunnel
Description:
    Text that may or may not be added to the MySQL manual
How-To-Repeat:
Fix:

Hello,

As there is a description about using an SSH tunnel with Windows in the MySQL doc, I thought a text about using an SSH tunnel with UNIX might be in order. If you think the text below might warrant inclusion in the MySQL manual, please feel free to modify it and include it.

Note also that the manual says:

    MySQL supports internal SSL connections as of Version 3.23.9.

but

    Secure connections (with SSL).

is still in things that should be in 4.0. So...does it support SSL or not?

Best regards,
-- David

===

Port forwarding of mysql connections over SSH in UNIX:

Suppose you want to connect to a mysql server running on a remote machine called 'foo' as user 'fred', but you do not want to use an unencrypted connection from your local machine 'bar' to the mysqld port (i.e. you do not want to just do 'mysql -h foo -u fred -p' and risk somebody eavesdropping on the data stream between machines 'foo' and 'bar').

You can use SSH to transparently encrypt the connection:

1) Make sure that the mysqld server lets user 'fred' connect from machine 'localhost.localdomain' (NOT from 'localhost') using password 'mypassword'. Check the mysql manual on how to do this, you have to set up the mysql.user table accordingly. Note that your mileage may vary; I only got it to work with host = 'localhost.localdomain' in the user table.

2) Make sure that the SSH-daemon is running on machine 'foo' (some tuning may be required)

3) Make sure you have the SSH client on machine 'bar'.

4) Make sure user 'fred' has an account on machine 'foo'. Unfortunately this must be an account with a shell :-(

Now do the following:

Start the SSH client on your local machine 'bar' so that:

1) It listens on a given port on your local machine (to which you will connect afterwards). Let's use port 4000 (say). If you want to use a port below 1024, you will have to be root.

2) It connects to the SSH-daemon on machine 'foo' using the SSH protocol, thus ensuring an encrypted connection (you can select the encryption algorithm etc. using config files and the command line of ssh).

3) The SSH-daemon on machine 'foo' decrypts and locally forwards data to the mysql daemon which (by default) listens on port 3306.

4) Go for it:

    cmd> ssh -L 4000:foo:3306 foo -l fred

You are now ready to connect to the mysqld through the SSH tunnel:

1) Start mysql with some additional options:

    cmd> mysql --host=localhost.localdomain --port=4000 -p --user=fred

   mysql will ask for fred's database password and connect to the locally running SSH client listening on port 4000.

   If you give --host=localhost this will not work because mysql will attempt to connect using the local-only UNIX domain socket.

   If you give --host=bar this will not work either; the mysqld on the remote machine will just give an ERROR 2003, i.e. the connect() call on 'foo' failed, but can't imagine why. As said, your mileage may vary.

2) see ssh running with ps, and listening on port 4000 using netstat -a

3) interestingly, nmap does *not* show port 4000 as open from outside

===

Submitter-Id: David Tonhofer
Originator: root
Organization: m-plify S.A.
MySQL support: none
Synopsis: Text that may or may not be added to the MySQL manual
Severity: non-critical
Priority: low
Category: mysql
Class: doc-bug
Release: mysql-3.23.41 (Official MySQL RPM)
Server: /usr/bin/mysqladmin Ver 8.21 Distrib 3.23.41, for pc-linux-gnu on i686

Re: Subject: Mini-HOWTO: MySQL over SSH tunnel
At 0:17 Uhr +0200 20.8.2001, David Tonhofer wrote:

> 4) Make sure user 'fred' has an account on machine 'foo'. Unfortunately this must be an account with a shell :-(

You could probably write a pseudo-shell and put that into /etc/passwd, i.e.

    #!/usr/bin/perl
    # read lines from the client until it sends 'exit'
    while (<STDIN>) { exit if /^exit$/m; print "This is a pseudo shell. You can only 'exit'.\n" }

How reliably do ssh tunnels work over long periods of time nowadays? Two years ago there were discussions about dropped/hanging(?) connections when tunneling large amounts of data (not mysql specific).

What do you do when losing connection (i.e. the server is restarted)? Probably some sort of 'pinging' the connection is needed? i.e. opening a connection to mysql over the tunnel on the client side, doing 'select 1' periodically, if there's no response kill the ssh client and restart it.

Has someone used replication over an ssh tunnel?

Christian.

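Added example, not part of any message in this thread: a watchdog along the lines described in the message above (probe with SELECT 1, kill and restart the ssh client when the probe fails). It connects to 127.0.0.1 rather than localhost, as advised in the earlier reply. The login fred@foo, port 4000, the option file path and a mysqld reachable on foo's loopback address are assumptions.

```shell
#!/bin/sh
# Added example: keep an SSH tunnel to a remote mysqld up by probing it.
# Assumed values, not from the thread: fred@foo, port 4000, the option file.
REMOTE=${REMOTE:-fred@foo}          # SSH login on the database host
LPORT=${LPORT:-4000}                # local end of the forward
CNF=${CNF:-$HOME/.my-tunnel.cnf}    # [client] user= / password=, mode 0600
INTERVAL=${INTERVAL:-30}            # seconds between probes
TUNNEL_PID=

# Start ssh in the background. The listener is bound to 127.0.0.1 only, the
# target is mysqld on the far host's loopback, and the ServerAlive options
# make ssh exit by itself when the link has died.
start_tunnel() {
    ssh -N -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
        -L "127.0.0.1:$LPORT:127.0.0.1:3306" "$REMOTE" &
    TUNNEL_PID=$!
}

# Run 'SELECT 1' through the tunnel. 127.0.0.1 (not 'localhost') forces TCP,
# and the password comes from the option file so it never shows up in ps.
probe() {
    out=$(mysql --defaults-extra-file="$CNF" --host=127.0.0.1 \
        --port="$LPORT" --connect-timeout=5 -N -B -e 'SELECT 1' 2>/dev/null) \
        || return 1
    [ "$out" = "1" ]
}

# One watchdog step: 0 if the probe succeeded, 1 if the tunnel was restarted.
check_once() {
    probe && return 0
    if [ -n "$TUNNEL_PID" ]; then
        kill "$TUNNEL_PID" 2>/dev/null || true
        wait "$TUNNEL_PID" 2>/dev/null || true
    fi
    start_tunnel
    return 1
}

watchdog() {
    start_tunnel
    while :; do
        sleep "$INTERVAL"
        check_once || echo "tunnel restarted at $(date)" >&2
    done
}

# Only loop when asked to: sh tunnel-watchdog.sh run
if [ "${1:-}" = "run" ]; then watchdog; fi
```

The option file replaces the -ppassword form from the first message, which exposes the password to other local users through the process list.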
MySQL with SSH
Hi,

How can I configure MySQL to utilize the SSH package for encrypted TCP/IP connection between MySQL clients and server?

Thanks in advance.

Kuokai

Re: MySQL with SSH
On Fri, Feb 16, 2001 at 05:31:54AM -0800, Kuokai Shyu wrote:

> How can I configure MySQL to utilize the SSH package for encrypted TCP/IP connection between MySQL clients and server?
>
> Thanks in advance.

What I do is setup port-forwarding. I forward a local port (say 12345) to port 3306 on the database server via an SSH connection:

    ssh -f -L 12345:server.foo.com:3306 sleep 9

(or something relatively similar)

Then I just tell the client to connect to localhost on port 12345.

Jeremy
--
Jeremy D. Zawodny, [EMAIL PROTECTED]
Technical Yahoo - Yahoo Finance
Desk: (408) 328-7878   Fax: (408) 530-5454
Cell: (408) 439-9951