difficulty using mysql with ssh tunneling

2002-02-26 Thread David M. Goodstein 

I've set up an ssh tunnel between my local machine and a remote host
(Fred) as follows:
   ssh daveg@fred -L 3306:localhost:3306
in an effort to access a remote mysql database running on fred.  I've
verified that the tunnel is working by telnetting into fred 3306 and
seeing the mysql version info from the remote solaris system.
If I now enter:
mysql --host=localhost  -udavid -ppassword  (david and password are
the mysql username and password), i get the following:
ERROR 2002: Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (2)

So, for some reason, mysql is convinced i'm running a local  mysqld
and is trying to hook up to it.  Of course there's no local daemon
running, so it chokes when it can't find the socket.  Is there any
reason it is not simply reaching out to port 3306 locally and thus
finding the tunnel?

thanks,
--David Goodstein





-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Re: difficulty using mysql with ssh tunneling

2002-02-26 Thread Paul DuBois 

At 18:20 -0800 2/26/02, David M. Goodstein wrote:
I've set up an ssh tunnel between my local machine and a remote host
(Fred) as follows:
ssh daveg@fred -L 3306:localhost:3306
in an effort to access a remote mysql database running on fred.  I've
verified that the tunnel is working by telnetting into fred 3306 and
seeing the mysql version info from the remote solaris system.
If I now enter:
 mysql --host=localhost  -udavid -ppassword  (david and password are
the mysql username and password), i get the following:
ERROR 2002: Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (2)

So, for some reason, mysql is convinced i'm running a local  mysqld
and is trying to hook up to it.  Of course there's no local daemon
running, so it chokes when it can't find the socket.  Is there any
reason it is not simply reaching out to port 3306 locally and thus
finding the tunnel?

The name localhost is special to MySQL, which always interprets it
as meaning use a UNIX socket.  Try 127.0.0.1 instead.


thanks,
--David Goodstein


-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Subject: Mini-HOWTO: MySQL over SSH tunnel

2001-08-19 Thread David Tonhofer 

Description:
Text that may or may not be added to the MySQL manual
How-To-Repeat:
Fix:

Hello,

As there is a description about using an SSH tunnel with Windows
in the MySQL doc, I thought a text about using an SSH tunnel with
UNIX might be in order. If you think the text below might warrant
inclusion in the MySQL manual, please feel free to modify it and
include it.

Note also that the manual says:

MySQL supports internal SSL connections as of Version 3.23.9.

but

Secure connections (with SSL).

is still in things that should be in 4.0.

So...does it support SSL or not?

Best regards,

-- David

===

Port forwarding of mysql connections over SSH in UNIX:

Suppose you want to connect to a mysql server running on a remote machine
called 'foo' as user 'fred', but you do not want to use an unencrypted
connection from your local machine 'bar' to the mysqld port (i.e. you do not
want to just do 'mysql -h foo -u fred -p' and risk somebody eavesdropping
on the data stream between machines 'foo' and 'bar')
You can use SSH to transparently encrypt the connection:
1) Make sure that the mysqld server lets user 'fred' connect from
   machine 'localhost.localdomain' (NOT from 'localhost') using password
   'mypassword'.
   Check the mysql manual on how to do this, you have to set up the
   mysql.user table accordingly.
   Note that your mileage may vary; I only got it to work with
   host = 'localhost.localdomain' in the user table.
2) Make sure that the SSH-daemon is running on machine 'foo' (some
   tuning may be required)
3) Make sure you have the SSH client on machine 'bar'.
4) Make sure user 'fred' has an account on machine 'foo'. Unfortunately
   this must be an account with a shell :-(
Now do the following:
Start the SSH client on your local machine 'bar' so that:
1) It listens on a given port on your local machine (to which you will
   connect afterwards). Let's use port 4000 (say). If you want to use
   a port below 1024, you will have to be root.
2) It connects to the SSH-daemon on machine 'foo' using the SSH protocol,
   thus ensuring an encrypted connection (you can select the encryption
   algorithm etc. using config files and the command line of ssh).
3) The SSH-daemon on machine 'foo' decrypts and locally forwards data
   to the mysql daemon which (by default) listens on port 3306.
4) Go for it:
   cmd ssh -L 4000:foo:3306 foo -l fred
You are now ready to connect to the mysqld through the SSH tunnel:
1) Start mysql with some additional options:
   cmd mysql --host==localhost.localdomain --port=4000 -p --user=fred
   mysql will ask for fred's database password and connect to the
   locally running SSH client listening on port 4000.
   If you give --host==localhost this will not work because mysql will
   attempt to connect using the local-only UNIX domain socket.
   If you give --host==bar this will not work either; the mysqld on the
   remote machine will just give an ERROR 2003, i.e. the connect()
   call on 'foo' failed, but can't imagine why. As said, your mileage may
   vary.
2) see ssh running with ps, and listening on port 4000 using netstat -a
3) interestingly, nmap does *not* show port 4000 as open from outside

===

Submitter-Id:  David Tonhofer
Originator:root
Organization:  m-plify S.A.
MySQL support: none
Synopsis:  Text that may or may not be added to the MySQL manual
Severity:  non-critical
Priority:  low
Category:  mysql
Class: doc-bug
Release:   mysql-3.23.41 (Official MySQL RPM)
Server: /usr/bin/mysqladmin  Ver 8.21 Distrib 3.23.41, for pc-linux-gnu on
i686



-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Re: Subject: Mini-HOWTO: MySQL over SSH tunnel

2001-08-19 Thread Christian Jaeger 

At 0:17 Uhr +0200 20.8.2001, David Tonhofer wrote:
4) Make sure user 'fred' has an account on machine 'foo'. Unfortunately
this must be an account with a shell :-(

You could probably write a pseudo-shell and put that into /etc/passwd (i.e.
#!/usr/bin/perl
while(STDIN){exit if /^exit$/m; print This is a pseudo shell. You 
can only 'exit'.\n}
).

How reliable do ssh tunnels work over long periods of time nowadays? 
Two years ago there were discussions about dropped/hanging(?) 
connections when using tunneling large amounts of data (not mysql 
specific).

What do you do when loosing connection (i.e. the server is restarted)?
Probably some sort of 'pinging' the connection is needed? i.e. 
opening a connection to mysql over the tunnel on the client side, 
doing 'select 1' periodically, if there's no response kill the ssh 
client and restart it.

Has someone used replication over an ssh tunnel?

Christian.

-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

MySQl with SSH

2001-02-16 Thread Kuokai Shyu 

Hi,

How can I configure MySQL to utilize the SSH package
for encrypted TCP/IP connection between MySQL clients and server?
Thanks in advance.

Kuokai




-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Re: MySQl with SSH

2001-02-16 Thread Jeremy D. Zawodny 

On Fri, Feb 16, 2001 at 05:31:54AM -0800, Kuokai Shyu wrote:
 
 How can I configure MySQL to utilize the SSH package for encrypted
 TCP/IP connection between MySQL clients and server?  Thanks in
 advance.

What I do is setup port-forwarding. I forward a local port (say 12345)
to port 3306 on the database server via an SSH connection:

  ssh -f -L 12345:server.foo.com:3306 sleep 9

(or something relatively similar)

Then I just tell the client to connect to localhost on port 12345.

Jeremy
-- 
Jeremy D. Zawodny, [EMAIL PROTECTED]
Technical Yahoo - Yahoo Finance
Desk: (408) 328-7878Fax: (408) 530-5454
Cell: (408) 439-9951

-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php