How to SSH Tunnel from MySQL server - mysql

I am trying to use an SSH tunnel to provide access from my server to the MySQL database on my home server, without using port forwarding on my home router. In other words, I want to run the MySQL server, and establish the SSH tunnel from my home server, and then be able to use the mysql client from the external server. But I keep getting:
bind: Address already in use
I run the mysql server:
service mysql start
and then describe the ssh tunnel:
ssh root#hf2.tr8.us -L 3306:127.0.0.1:3306 -N
or:
ssh root#hf2.tr8.us -L 3306:hf2.tr8.us:3306 -N
Both produce the address in use error. If I create the tunnel first, MySQL refuses to start.
How do I specify the SSH tunnel from the same server that I started MySQL?

What I was looking for was a "reverse" tunnel: -R. This works, from the server:
ssh root#hf2.tr8.us -R 3306:127.0.0.1:3306 -N

Related

SSH Tunnel MySQL Connection with socket-connection via PhpStorm

By default, Database Manager from PhpStorm works well. But currently on a special Provider (1u1.de) I have some trouble to got this work.
I can connect to the Provider via SSH. If I want to connect to MySQL database, I have to use:
mysql --host=localhost --user=dbo123123123 -S /tmp/mysql5.sock --password='123123123';
That's works well via CLI on Server, but I didn't find a way to connect via PhpStorm to this Database.
For me it seems that the "socket-connection" may be the Problem. Does anybody have a clue how to got this to work?
Part of the Solution (?!):
Maybe a first part of an solution, I found that you be able to forwarding an Socket to your local pc as own socket this way:
ssh -nNT -L $(pwd)/yourLocal.sock:/var/run/mysqlREMOTEMYSQL.sock user#somehost
Source of Information
This show me, that the Socket is established:
netstat -ln | grep mysql
unix 2 [ ACC ] STREAM LISTENING 3713865 /myFolder/mysql5.sock
But I'm still unable to connect to this Socket with:
mysql -h localhost --protocol=SOCKET -u'username' -p'mypassword' -S /myFolder/mysql5.sock
Got this Error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 95 "Operation not supported"
ssh -L /tmp/mysql.sock:/var/run/mysqld/mysqld.sock sshuser#remotehost
and then
mysql -h localhost --protocol=SOCKET -u'username' -p'mypassword' -S /tmp/mysql.sock
seems to work fine for me
Use SSH to setup a port forward, this will allow you to connect securely to your database without exposing it to the world.
On ssh, use the -L argument to establish the tunnel.
ssh -L <local_port>:<remote_host>:<remote_port> user#host
This will open <local_port> on your local machine, and then redirect all packets out the other side of the tunnel, destened for the <remote_host>:<remote_port>
In your case, you might want to try something like this:
ssh -L 3306:127.0.0.1:3306 user#mybox.1u1.de
After establishing the tunnel, you will be able to connect to the database through a local port.
From your local machine, not the 1u1 host,
mysql -u <user> -p --host 127.0.0.1 --port 3306
If this works properly, you should be able to configure PhpStorm to use the same address, 127.0.0.1:3306
The SSH tunnel will need to remain open the entire time you need to be connected to the database.

MySQL: Unable to connect using TCP/IP over SSH

We have an EC2 and RDS instance on Amazon Web Services. I usually first connect to the server using Putty and then access the database through a tunnel from my localhost.
I am now trying to directly connect to the database using TCP/IP over SSH, but get the following error. I am able to connect other applications such as FileZilla directly without creating any tunnels, but not able to connect MySQL. Please advise. There is no entry in known_hosts file.
Error:
[Window Title]
MySQL Workbench
[Main Instruction]
Failed to Connect to MySQL at database.aws-server.rds.amazonaws.com:3306 through SSH tunnel at username#100.100.100.100:22 with user username
[Content]
Cannot open SSH Tunnel: Error connecting SSH tunnel: The host 100.100.100.100 fingerprints mismatch.
Expected key: hjd83iuwe98jdoiw8euoqeuo83eqe308
Server sent: 8ru84ru8ur984u8djc0938y4jddj398e
Please verify if it's correct.
To continue, delete entries for the host from the C:\Users\<USER>\AppData\Roaming\MySQL\Workbench\ssh\known_hosts file.
[OK]
I am connected to my rds database using the following script-
ssh -L 3406:database.aws-server.rds.amazonaws.com:3306 -i username#100.100.100.100
this command will create a tunnel on your local machine port 3406 of the mysql's default port 3306.
after that you can connect at 3406 port in your application
ssh-keygen -f "C:\Users<USER>\AppData\Roaming\MySQL\Workbench\ssh\known_hosts" -R "database.aws-server.rds.amazonaws.com"

Remote access to local MySQL

I want to connect to MySQL. Unfortunately target server is accessible only from localhost. It is able to work around for example by uploading some PHP script on the server? I mean a single file rather than the entire PHPMyAdmin or something similar.
can you please elaborate more about your issue?
If you want to connect to mysql server remotely then you need to grant user in mysql users table with your local system IP range.
You could look at using ssh to tunnel the connection through your local host .. Will need to know a bit about your network layout
http://www.howtogeek.com/howto/ubuntu/access-your-mysql-server-remotely-over-ssh/
ssh -L 3306:localhost:3306 geek#webserver.com
you can use ssh tunneling for that here is a link
ssh -L 3306:localhost:3306 root#remote-mysql
The syntax is
ssh -L <localport>hostname<remoteport> <username>#<servername>.
We’re using localhost as the hostname because we are directly accessing the remote mysql server through ssh. You could also use this technique to port-forward through one ssh server to another server.

SSH directly into MySQL server

i got a remote webserver running with a mysql database.
Right now im using SSH to do any serverside management, and i access the MySQL often. I wondered if its possible for me to make a script that would ssh into the server and if run with "-sql" (subject to change) on the command line it would instead go into mysql.
What i made so far:
#!/bin/bash
if [ "$1" == "-l" ]; then
ssh user#192.168.0.101 //local address for privacy;
mysql -u root -p;
else
ssh user#192.168.0.101
fi
This results in an SSH session and when it ends my computer will try and create a mysql connection on the local machine.
#!/bin/bash
if [ "$1" == "-l" ]; then
ssh user#192.168.0.101 'mysql -u root -p';
else
ssh user#192.168.0.101
fi
This results in a password request and then nothing. I'm assuming its because using ssh with a command expects a response and then shuts down the connection.
Is there any way to do this, i realise that it's not of any significant importance, but it is fun to play around with
Thanks in advance
The mysql command only executes interactively if it's input is a terminal. When you run ssh with a command argument, it doesn't normally allocate a pseudo-tty on the server. So mysql just processes its standard input without displaying a prompt.
Use the -t option to force this:
ssh -t user#192.168.0.101 'mysql -u root -p'
One option you might want to consider for solving this kind of access problem is through the use of the tunneling facility in ssh:
ssh -l user -L 33306:192.168.0.101:3306 192.168.0.101
or maybe
ssh -l user -L 33306:127.0.0.1:3306 192.168.0.101
This creates a port on your local machine (33306) which tunnels to the mysql port (3306) on the remote machine.
Then on your local machine you run a local copy of mysql:
mysql --port=33306 -u root -p
which should connect through the tunneled port to your database.
Try like this. Feed mysql password with the command. So you don't have to enter the password.
ssh user#192.168.0.101 'mysql --user="root" --password="password" --database="database" --execute="My Query;"'
Also I suggest you to set keybased ssh authentication. Hence you can also avoid typing ssh password every time.

Ping target through ssh tunnel

I want to connect from source server S to my target server T. However connection to T is restricted to only from intermediate server I. Since S can't connect to T, I have created a ssh tunnel from S to T via I using:
ssh -N -f -L port:T:22 I
Now I can connect to T using:
ssh -p port user#localhost
But my problem is that I have to ping to the target T. How can I ping using tunneling.
You can't ping through a tunnel. SSH tunnels can only pass TCP connections, ping uses ICMP.
You could run ping on the intermediate server via SSH:
ssh I ping T