SSH Tunnel MySQL Connection with socket-connection via PhpStorm - mysql

By default, the Database Manager in PhpStorm works well. But currently, with a particular provider (1u1.de), I have some trouble getting this to work.
I can connect to the Provider via SSH. If I want to connect to MySQL database, I have to use:
mysql --host=localhost --user=dbo123123123 -S /tmp/mysql5.sock --password='123123123';
That works well via the CLI on the server, but I didn't find a way to connect to this database via PhpStorm.
To me it seems that the "socket-connection" may be the problem. Does anybody have a clue how to get this to work?
Part of the Solution (?!):
Maybe a first part of a solution: I found that you are able to forward a socket to your local PC as its own socket this way:
ssh -nNT -L $(pwd)/yourLocal.sock:/var/run/mysqlREMOTEMYSQL.sock user@somehost
Source of Information
This shows me that the socket is established:
netstat -ln | grep mysql
unix 2 [ ACC ] STREAM LISTENING 3713865 /myFolder/mysql5.sock
But I'm still unable to connect to this Socket with:
mysql -h localhost --protocol=SOCKET -u'username' -p'mypassword' -S /myFolder/mysql5.sock
Got this Error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 95 "Operation not supported"

ssh -L /tmp/mysql.sock:/var/run/mysqld/mysqld.sock sshuser@remotehost
and then
mysql -h localhost --protocol=SOCKET -u'username' -p'mypassword' -S /tmp/mysql.sock
seems to work fine for me

Use SSH to set up a port forward; this will allow you to connect securely to your database without exposing it to the world.
On ssh, use the -L argument to establish the tunnel.
ssh -L <local_port>:<remote_host>:<remote_port> user@host
This will open <local_port> on your local machine, and then redirect all packets out the other side of the tunnel, destined for the <remote_host>:<remote_port>.
In your case, you might want to try something like this:
ssh -L 3306:127.0.0.1:3306 user@mybox.1u1.de
After establishing the tunnel, you will be able to connect to the database through a local port.
From your local machine, not the 1u1 host,
mysql -u <user> -p --host 127.0.0.1 --port 3306
If this works properly, you should be able to configure PhpStorm to use the same address, 127.0.0.1:3306
The SSH tunnel will need to remain open the entire time you need to be connected to the database.

Related

Yet another "Lost connection to mysql server at 'reading initial communication packet', system error: 0" issue

This seems like a duplicate post, but I have checked all the solutions posted in relevant posts and none of them worked for me. So allow me to state the problem more accurately.
I have a server, where MySQL is installed. I have a user X with password P.
If I connect to the server (ssh or something) and try to run MySQL locally (mysql --user=X --password=P) it logs in perfectly, and I have access to everything:
mysql> show grants;
...
+------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'X'@'%' IDENTIFIED BY |
|PASSWORD 'somehash' WITH GRANT OPTION |
+------------------------------------------------------+
Now if I go to the config file: (sudo vim /etc/mysql/my.cnf) I see the following:
bind-address = 0.0.0.0
port = 3306
Then I go to hosts allow file (sudo vim /etc/hosts.allow) I see:
mysqld: ALL
Then I go to hosts allow file (sudo vim /etc/hosts.deny): the file is empty (except for some comments).
Still, when I try to connect with MySQL workbench I have the problem.
Here is how I do it. I go to add a new connection, I add the URL, username, pass, and port, and I click test connection and I get the message that is the title of this question. I tried with a random (non-existent) user pass combination and still I get the same response.
I tried commenting out bind-address too BTW. Also the server is generally accessible for other services like PostgreSQL and such.
Not a solution to your server firewall issue, but a workaround, as you are able to ssh into your database server:
You can try ssh remote port forwarding from your mysql server to your local machine, and then connect the mysql client to the local port. I use this method whenever I'm behind a firewall. As a bonus, data transmitted over this connection is also very secure.
For example, if you ssh'ed into the remote machine using
ssh hal@remote.machine.com -i ~/.ssh/hal.key
Then you could set up the port forwarding like this:
ssh -L 54321:127.0.0.1:3306 hal@remote.machine.com -i ~/.ssh/hal.key -f -N -M -S ~/.ssh/tunnel_54321_remote_machine_mysql
Then you can connect to the database as if you were connecting to the database locally (using the command-line mysql client as an example):
mysql -h 127.0.0.1 -P 54321 -u my_user -p my_database
This should then prompt for your password.
To close the tunnel:
ssh -S ~/.ssh/tunnel_54321_remote_machine_mysql -O exit hal@remote.machine.com -i ~/.ssh/hal.key
I first learned about this method from the postgres docs.
This is more than likely a firewall issue.
The easiest way to debug that at first is to try telnet to the server on port 3306, both locally and from remote. MySQL will send the version string in plaintext, which you can see inside telnet if you are being correctly connected.
If you do not get that string, then something such as a firewall is likely blocking the connection.
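The telnet check described above can be scripted. The following added example (not from the original answers) reads the first packet a server sends and reports whether it is a protocol-10 greeting with a version string, an error packet, or nothing at all. The sample packets, version string and address are constructed, and the function names are hypothetical.

```python
import socket
import struct

# Constructed sample packets (not captured from a real server).
_greet = b"\x0a5.5.62-log\x00" + struct.pack("<I", 42) + b"abcdefgh\x00"
SAMPLE_GREETING = len(_greet).to_bytes(3, "little") + b"\x00" + _greet
_err = (b"\xff" + struct.pack("<H", 1130)
        + b"Host '203.0.113.7' is not allowed to connect to this MySQL server")
SAMPLE_ERROR = len(_err).to_bytes(3, "little") + b"\x00" + _err


def classify_greeting(data):
    """Classify the first bytes a MySQL server sends after accepting a connection."""
    if not data:
        return {"kind": "closed"}                 # peer closed before sending anything
    length = int.from_bytes(data[:3], "little")   # 3-byte little-endian payload length
    payload = data[4:4 + length]                  # data[3] is the sequence id
    if len(payload) < max(length, 1):
        return {"kind": "truncated"}
    if payload[0] == 0xFF and len(payload) >= 3:  # ERR packet, e.g. host not allowed
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"kind": "error", "code": code,
                "message": payload[3:].decode("utf-8", "replace")}
    end = payload.find(b"\x00", 1)
    if payload[0] == 0x0A and end != -1:          # protocol 10 handshake
        return {"kind": "greeting",
                "version": payload[1:end].decode("ascii", "replace")}
    return {"kind": "unknown"}


def read_greeting(sock, timeout=5.0):
    """Read whatever arrives first on an already connected socket and classify it."""
    sock.settimeout(timeout)
    try:
        return classify_greeting(sock.recv(4096))
    except socket.timeout:
        return {"kind": "timeout"}                # connected, but the server stayed silent
    except ConnectionResetError:
        return {"kind": "closed"}


def probe(host, port, timeout=5.0):
    """Connect to host:port (for example the local end of an SSH forward) and classify."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return read_greeting(sock, timeout)
```

A "closed" or "timeout" result on the forwarded port, while the same probe run on the server itself returns a greeting, points at something between sshd and mysqld rather than at the credentials.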

Connecting to MySQL via SSH ERROR 2013 (HY000)

The Setup
I am currently using the Premium Wordpress Hosting provided by MediaTemple. I have a very large data-set to import and I was hoping to get direct access to the database via an SSH tunnel.
--------------                      ------------------               ------------
| My Machine | ---- SSH TUNNEL ---- | Hosting Server | -- -- ? -- -- | Database |
--------------                      ------------------               ------------
What Works
If I ssh into the Hosting Server and from the shell on the Hosting Provider, connect to mysql like this, I am able to get into MySQL.
mysql -uuser -ppassword -h123.456.789.1 -P3308
What Does Not Work
However, if I try to connect to MySQL using the -L flag with SSH to create a tunnel, I am unable to connect to the server.
ssh me@hostingserver.net -L 7002:123.456.789.1:3308
From a shell on My Machine:
mysql -uuser -ppassword -h127.0.0.1 -P7002
I get the following error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
From reading other answers (StackOverflow , StackOverflow), I have reasoned that the issue stems from the IP address with which the MySQL client tries to bind. I think that the IP address attached to the request to connect, when executed on my machine, is not on the white-list of the Database Server.
Is there any way to get direct access to the MySQL Database from My Machine? From a system administration perspective, I obviously have enough access to connect to the MySQL database from the shell, but I cannot run the client on My Machine. I have a very large dataset that I would like to transfer from My Machine to Database. I would also like to be able to access the database and execute SQL whenever I need to. This and the large dataset kind of eliminate the possibility of just using the source command from the MySQL Client on Hosting Server. What is the best workaround to give me something close to the ability to run SQL on the Database from My Machine?
I encountered roughly the same issue. That is, I simply could not connect to the MySQL server, even though I had successfully tunneled to the remote host.
TLDR: it was an iptables issue involving the loopback interface
In my situation, mysqld was running on the same VPS as sshd. However, the MySQL instance was bound only to 127.0.0.1 and listening on the default port. As you did, I confirmed that I could connect to the mysqld instance on the remote machine using the credentials used locally.
Here is the tunnel:
ssh -v -N -L 33306:127.0.0.1:3306 sshuser@sshanddbvps.org
Here is the connection string to the mysqld instance using the mysql client:
mysql -umysqluser -h127.0.0.1 -P 33306 -p
Even though ssh indicated that the connection was successful...
debug1: Connection to port 33306 forwarding to 127.0.0.1 port 3306 requested.
...the mysql client connection would error out after accepting the correct password with the message you mentioned:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet'...
To check that data was flowing across the loopback interface, I logged into the remote server and ran three commands in three separate shells:
while true; do echo -e "HTTP/1.1 200 OK\n\n $(date)" | nc -l 127.0.0.1 1234; done
tcpdump -i lo src 127.0.0.1 or dst 127.0.0.1
nc 127.0.0.1 1234
After running the third, output from the second command appeared:
13:59:14.474552 IP localhost.36146 > localhost.1234: Flags [S], seq 1149798272, win 43690, options [mss 65495,sackOK,TS val 48523264 ecr 0,nop,wscale 7], length 0
But nothing indicating that packets were flowing in the reverse direction.
Inserting a rule in the INPUT chain of the firewall that allowed traffic from the default loopback address solved the issue:
iptables -I INPUT 4 -i lo -s 127.0.0.1 -j ACCEPT

MySQL Database Connection via SSH Tunnel

I have a problem with our new database. The only way to access the database is through an SSH tunnel. But it doesn't work...
I use following commands:
sshpass -p <PASSWORD> ssh <USER>@<DOMAIN> -p <PORT> -L 3306:localhost:3306 -f -N
I think the ssh tunnel works and is established.
Now I want to connect to the database via a shell file.
deposit=`mysql -h localhost --port=3306 -u <DATABASEUSER> --password=<DATABASEPASSWORD> --skip-column-names -e "<MYSQLSYNTAX>"`
But there is always the following error:
ERROR 1045 (28000): Access denied for user '<DATABASEUSER>'@'localhost' (using password: YES)
Do you have any ideas or am I doing something wrong?
Thank you very much!
Assuming all your permissions are okay, it may be worth swapping localhost for 127.0.0.1.
As per the MySQL docs: http://dev.mysql.com/doc/refman/5.5/en/connecting.html
On Unix, MySQL programs treat the host name localhost specially, in a
way that is likely different from what you expect compared to other
network-based programs. For connections to localhost, MySQL programs
attempt to connect to the local server by using a Unix socket file.
This occurs even if a --port or -P option is given to specify a port
number. To ensure that the client makes a TCP/IP connection to the
local server, use --host or -h to specify a host name value of
127.0.0.1, or the IP address or name of the local server.
As I understand you are trying to create a tunnel between your computer and a remote computer that's running SQL server. In your ssh command substitute 3306:localhost:3306 with the remote computer IP address. Note this should be its internal local IP address if you are not in the same local network as the remote computer. Check your SQL Database permissions, username and password as well.

MySQL remote access via SSH Tunnel error

I've created an SSH tunnel on my local machine to get access to the mysql server on my remote machine. Everything is fine, tunnel is working if I get this error, but why does this error occur?
Here is the error message:
2013 - Lost connection to MySQL server at 'reading initial communication packet', system error: 0
It happens only when I want to connect via Navicat (SSH Tunnel) from my local to the remote machine; on the remote machine mysql works without such errors.
Have you guys any solutions for that?
This error occurs when the configuration of the bind-address option is wrong. Your MySQL server should at least listen on localhost - 127.0.0.1
Login to your local Linux machine then run this command:
ssh -L 3307:localhost:3306 -N user@remote.server.com
Use the mysql database from remote server:
mysql -u root -p --port 3307 -h 127.0.0.1
Make sure the local mysql does not use the same port in Linux environment.

why is mySQL connecting at any/all ports

I'm running Linux Mint and trying to connect to mySQL this way
mysql --port=3306 -u root -p
Then it prompts me for my password. This is all fine. Why is it that when I type something like this it still works....
mysql --port=1234 -u root -p
Should that not fail since there is no mySQL server running on port 1234?
The reason I am asking this is because I want to create a SSH tunnel to connect to a database on another server. Let's say the SSH tunnel will forward all my traffic from localhost:3308 to myremoteserver:3306. Since my local mySQL server is accepting my connections on all ports, I cannot actually connect to port 3308 and hit the remote server. I am still hitting my local server....
Even if my SSH tunnel options might have been wrong, I was wondering if anyone knew why I can connect to port 1234 and it still hit my local mySQL server running on 3306?
IIRC mysql connects you to a Unix socket if you are connecting to localhost. Since it does not connect you via TCP in this case, there is no port involved and the port number you give does not matter.
Edit: Not sure if this is true on all systems, but if I use 127.0.0.1 or the hostname instead of localhost, mysql connects via TCP and the port number does matter - I can connect with the correct port number only.
To force a TCP connection use --protocol=TCP.
Example:
First the SSH tunnel
ssh -L 4000:localhost:3306 server.ch
and then connect to the remote mysql server with
mysql -h localhost --port=4000 --protocol=TCP -u root -p
It will ask you for your password before it tries to connect. If you enter your password (or anything else for that matter), and let it proceed, it will respond with something like:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/opt/local/var/run/mysql5/mysqld.sock'
@titanoboa, thx for this! I was having the same issue. Just to add, you can actually force a TCP connection even for localhost using the following
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
protocol = TCP
Cheers
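An added example (not part of the original posts) that applies the localhost rule, as quoted from the MySQL documentation and described in the answers above, to a mysql command line and flags a --port that will be ignored. It is a simplified model of that documented Unix behaviour, it does not read option files such as the [client] section shown above, and its function names are hypothetical.

```python
import shlex

# mysql client options that decide the transport (long and short spellings).
LONG = {"--host": "host", "--port": "port", "--protocol": "protocol", "--socket": "socket"}
SHORT = {"-h": "host", "-P": "port", "-S": "socket"}


def parse_mysql_args(command):
    """Extract host/port/protocol/socket from a mysql client command line."""
    opts, argv, i = {}, shlex.split(command)[1:], 0   # [1:] drops the program name
    while i < len(argv):
        name, sep, value = argv[i].partition("=")
        key = LONG.get(name)
        if key is None and argv[i][:2] in SHORT:      # -hHOST or -h HOST
            key, sep, value = SHORT[argv[i][:2]], argv[i][2:], argv[i][2:]
        if key is not None:
            if not sep:                               # value is the next argument
                i += 1
                value = argv[i] if i < len(argv) else ""
            opts[key] = value
        i += 1
    return opts


def lint(command):
    """Return (transport, warnings) under the documented Unix rule for 'localhost'."""
    opts = parse_mysql_args(command)
    host = opts.get("host", "localhost")              # no --host means localhost
    protocol = opts.get("protocol", "").upper()
    if protocol == "TCP" or (protocol != "SOCKET" and host != "localhost"):
        return "tcp", []
    warnings = []
    if "port" in opts:
        warnings.append(f"--port {opts['port']} is ignored: host {host!r} selects the "
                        "Unix socket, so an SSH port forward on that port is never used")
    return "socket", warnings


if __name__ == "__main__":
    # Constructed command lines modelled on the ones in the posts above.
    for cmd in ("mysql -h localhost --port=3306 -u dbuser -p",
                "mysql -h 127.0.0.1 -P 54321 -u my_user -p my_database"):
        print(cmd, "->", lint(cmd))
```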