Apologies if this is in some way a duplicate - I couldn't find anything that covered this (at least in a way that I could understand made it similar).
Here's a basic diagram of my connections:
Laptop => SSH server 1 => SSH server 2 => MySQL (MariaDB)
I can use terminal to jump across to server 2 as per the usual methods:
ssh -t user@server1 ssh -p99 user@server2
Then, in the terminal, I can mysql -uroot -p as normal.
(connections amended to remove details, of course)
I have attempted a few different things to try and get a direct connection in DBeaver, but I can't seem to make it work with that extra ssh connection (inssheption - it's new to me). I've found, and have been playing with, Gnome Connection Manager to try and make this happen - I'm used to Win tools like Penguinet, which isn't available on Linux, but it does look to be capable.
I'm probably just out of my depth, but I am thinking that this should be simple - but I just can't get the hang of how to get this going.
I'm expecting that at some point I'll be able to connect to 127.0.0.1:1234 in DBeaver (SQL GUI), but I'm just struggling to make that happen.
Does anyone have a moment to advise the best method to daisy-chain the connections together?
Use port forwarding with SSH to bring remote port to your local machine.
ssh -L 1234:server1:1234 -t user@server1 ssh -L 1234:server2:1234 -p99 user@server2
Now you can connect to localhost:1234 and your connection will be forwarded to server2:1234. Just make sure that port 1234 on server1 and localhost are not in use.
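The same chain can also be declared once in the laptop's ~/.ssh/config with ProxyJump, so the forward travels inside a single end-to-end session to server2 and server1 only relays the encrypted stream. This is an added example, not part of the original answer; the alias server2-db, the loopback bind address and MySQL listening on 127.0.0.1:3306 on server2 are assumptions.

```sshconfig
# ~/.ssh/config on the laptop (added example; host names, user and ports
# are the placeholders from the question, 3306 is assumed for MySQL/MariaDB)

# First hop: only used as a relay.
Host server1
    HostName server1
    User user

# Second hop, reached through server1, carrying the database forward.
Host server2-db
    HostName server2
    Port 99
    User user
    ProxyJump server1
    # Listen on the laptop's loopback only, so other machines on the local
    # network cannot reach the forwarded database port.
    # The destination (127.0.0.1:3306) is resolved on server2, not the laptop.
    LocalForward 127.0.0.1:1234 127.0.0.1:3306
    # Fail immediately if local port 1234 is already taken, instead of
    # opening a session with no working forward.
    ExitOnForwardFailure yes
    # A pure tunnel needs neither a terminal nor agent forwarding.
    RequestTTY no
    ForwardAgent no
```

Start the tunnel with ssh -N server2-db and point DBeaver at 127.0.0.1:1234. Because the session to server2 is authenticated from the laptop, no keys or agent need to be exposed on server1.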
MySQL workbench has a handy connection option - 'standard TCP/IP over SSH'. This allows me to connect to a publicly-inaccessible MySQL server (let's call it mysql@private.com), by SSH-ing onto a remote server (let's call it myserver@public.com) that is on the same network as the MySQL server.
I am trying to re-create this using the MySQL command line client and persistently failing. I have tried opening an SSH tunnel to forward port 3306 from myserver@public.com, to 127.0.0.1 (ie, localhost). This does not work, because at no point have I specified where to find mysql@private.com.
I presume MySQL workbench must pull off this handy trick via some combination of the MySQL client CLI and generally-available tools like SSH. If anyone could show me how it's done, I'd be most grateful.
As is customary with SO I googled for about three hours before posting this question then found the answer within about three minutes of posting it. There is a detailed guide here:
https://medium.com/@deepspaceprog/how-to-connect-via-ssh-to-an-amazon-rds-instance-running-postgresql-5e7661cdd37e
That says it better than I can but the critical command is this:
ssh -N -L 3306:mysql@private.com:3306 myserver@public.com
If I paraphrase this into English, I believe it might say
"ssh into myserver@public.com; forward port 3306 on the local connection mysql@private.com to 3306 on the local machine".
I am trying to understand PCF concepts and thinking that once I am done with creating MySQL services in PCF, how I can manage that database, like creating tables and maintaining that table just like we do in our traditional environment using mySqldeveloper. I came across one service like PivotalMySQLWeb and tried it but didn't like it much. So if somehow I can get the connection details of the MySQL service, I can use that to connect using SQL Developer.
The links @khalid mentioned are definitely good.
http://docs.pivotal.io/p-mysql/2-0/use.html
https://github.com/andreasf/cf-mysql-plugin#usage
More generally, you can use an SSH tunnel to access any service, not just MySQL. This also allows you to use whatever tool you would like to access the service.
This is documented here, but if for some reason that goes away here are the steps.
1. Create your target service instance, if you don't have one already.
2. Push an app, any app. It really doesn't matter, it can be a hello world app. The app doesn't even need to use the service. We just need something to connect to.
3. Either bind the service from #1 to the app in #2 or create a service key using the service from #1. If you bind to the app, run cf env <app> or if you use a service key run cf service-key MY-DB EXTERNAL-ACCESS-KEY and either one will give you your service credentials.
4. Run cf ssh -L 63306:us-cdbr-iron-east-01.p-mysql.net:3306 YOUR-HOST-APP, where 63306 is the local port you'll connect to on your machine and us-cdbr-iron-east-01.p-mysql.net:3306 are the host and port from the credentials in step #3.
5. The tunnel is now up, use whatever client you'd like to connect to your service. For example: mysql -u b5136e448be920 -h localhost -p -D ad_b2fca6t49704585d -P 63306, where b5136e448be920 and ad_b2fca6t49704585d are the username and database name from step #3 and 63306 is the local port you picked from step #4.
Additionally, if you want to connect aws-rds-mysql (instantiated from Pivotal Cloud Foundry) from IntelliJ, you can use the DB-Navigator Plugin (https://plugins.jetbrains.com/plugin/1800-database-navigator) inside IntelliJ, through which, database manipulation can be performed.
After creating the ssh tunnel $ cf ssh -L 63306:<DB_HOSTNAME>:3306 YOUR-HOST-APP (as also mentioned in https://docs.pivotal.io/pivotalcf/2-4/devguide/deploy-apps/ssh-services.html),
Go to DB Navigator plugin and click on custom under new connection.
Enter the URL as: jdbc:mysql://<username>:<password>@localhost:63306/<database_name>
The following thread might be helpful for you as well: How do I connect to my MySQL service on Pivotal Cloud Foundry (PCF) via MySQL Workbench or CLI or MySQLWeb Database Management App?
I used a quick start guide to create a mysql database on EC2 that I can access and query using RStudio. However, I'd like to use Tableau Desktop to visualize the data as well. Tableau can connect to MySQL, but I'm not sure how to make it work with EC2. I think I need to use port forwarding. I've Googled extensively and found a few examples but I'm completely new to this and don't know where to begin.
I'm using Terminal on Mac OSX. I'm able to login to SSH and to MySQL once in SSH.
Tableau needs a server, port, user, pass, and initial SQL statement. I'm assuming the initial SQL statement is just "use MyDatabase;"
I remember running into this issue a while ago and found the solution again. I think the main thing to remember is that you have to use the localhost as the address in Tableau after you ssh into EC2 instead of the address of the actual EC2. You also have to set up your ssh to forward the port as you mentioned. Here is how you do that with PuTTY.
In the first screenshot you will see I added 127.0.0.1:3306 as the destination. This is the address of MySQL as set up on your server. I included 9990 as the source port. This is the port that PuTTY will be monitoring for any given calls. Once you have these defined, click add and then save your session and connect with your server credentials through PuTTY. Go to Tableau.
In the second screenshot you will see that I used 127.0.0.1 for the server and 9990 for the port that I defined in PuTTY. You then add the credentials in Tableau that correspond to your MySQL user that is set up on EC2.
We have a VPN tunnel with Openswan between two AWS regions and our colo facility (Used AWS’s guide: http://aws.amazon.com/articles/5472675506466066). Regular usage works OK (ssh, etc), but we are having some MySQL issues over the tunnel between all areas. Using mysql command line client on a linux server and trying to connect using the MySQL Connector J it basically stalls… it seems to open the connection, but then gets stuck. It doesn't get denied or anything, just hangs there.
After initial research thought this was an MTU issue, but I've messed with that a lot and no luck.
Connection to the server works fine, and we can choose a database to use and such, but using the Java connector it appears that the Java client isn't receiving any network traffic after the query is made.
When running a select in the MySQL client on linux we can get a max of 2 or 3 rows before it goes dead.
With this said, I also have a separate openswan VPN on the AWS side for client (mac and iOS) vpn connections. Everything works fantastically through the client VPN and it seems more stable in general. The main difference I've noticed is that the static connection is using "tunnel" as the type and the client is using "transport", but when switching the static tunnel connection to transport it says there's like 30 open connections and doesn't work.
I'm very new to OpenSWAN, so hoping someone can help to point me in the right direction of getting the static tunnel working as well as the client VPN.
As always, here's my config files:
ipsec.conf for BOTH static tunnel servers:
# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
    virtual_private=
    oe=off
    # Enable this if you see "failed to find any available worker"
    # nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
include /etc/ipsec.d/*.conf
VPC1-to-colo tunnel conf
conn vpc1-to-DT
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=54.213.24.xxx
    leftnexthop=%defaultroute
    leftsubnet=10.1.4.0/24
    right=72.26.103.xxx
    rightsubnet=10.1.2.0/23
    pfs=yes
    auto=start
colo-to-VPC1 tunnel conf
conn DT-to-vpc1
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=72.26.103.xxx
    leftnexthop=%defaultroute
    leftsubnet=10.1.2.0/23
    right=54.213.24.xxx
    rightsubnet=10.1.4.0/24
    pfs=yes
    auto=start
Client point VPN ipsec.conf
# basic configuration
config setup
    interfaces=%defaultroute
    klipsdebug=none
    nat_traversal=yes
    nhelpers=0
    oe=off
    plutodebug=none
    plutostderrlog=/var/log/pluto.log
    protostack=netkey
    virtual_private=%v4:10.1.4.0/24
conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    type=transport
    forceencaps=yes
    right=%any
    rightsubnet=vhost:%any,%priv
    rightprotoport=17/0
    # Using the magic port of "0" means "any one single port". This is
    # a work around required for Apple OSX clients that use a randomly
    # high port, but propose "0" instead of their port.
    left=%defaultroute
    leftprotoport=17/1701
    # Apple iOS doesn't send delete notify so we need dead peer detection
    # to detect vanishing clients
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear
Found the solution. Needed to add the following IP tables rule on both ends:
iptables -t mangle -I POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
This along with an MTU of 1400 and we're looking very solid
We had the same issue with a server connecting from the EU region to an RDS instance in the US. This appears to be a known issue with the RDS instances not responding to ICMP which is needed to auto-discover the MTU settings. As a workaround, you'll need to configure a smaller MTU on the instance that is performing the query.
On the server that is making the connection to the RDS instance (not the VPN tunnel instances), run the following command to get an MTU setting of 1422 (which worked for us):
sudo ifconfig eth0 mtu 1422
I downloaded Karl Kraft's MySQL source and libraries and built a mysql client lib for iOS 6. It worked beautifully the very first time on the local mysql database. Even handled blob data nicely.
The next step was to port forward to a remote database. After downloading various libraries and tearing out my hair, I went looking for a packaged solution.
I downloaded Chilkat's SSH Tunnel library (free 30 day trial -- and $149 -- worth it all). That worked the first time too. It was a pleasure after days and daze of not building, not linking, not compiling, not finding symbols for i386 blah blah blah!!
OK, so here is the kicker. I now want to work with a remote database. When I did the 3306 ssh port forward through ssh port 22 to 3306 on a database machine behind the firewall. Now I turn off mysqld, and my host is localhost port 3306. I have a slight problem with mysql.
The default start of the client on a UNIX/MAC machine is looking for a socket connection on localhost.
I get the following error:
Error: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (38)
I need a TCP protocol start option for mysql. With a command line, it is easy --protocol=TCP.
With the iOS client lib, it is not readily apparent. I did a search and in the mysql.h we have the mysql_protocol_type and the constants MYSQL_PROTOCOL_DEFAULT, MYSQL_PROTOCOL_TCP etc etc.
The missing knowledge that I have, is how to set the option programmatically in Objective C.
There is a server object that just defines the parameters (server, name, ports, username, password) and the next object is a connection object that calls mysql_init(). Does anyone have any clues on how to do this?
BTW: Karl Kraft and the guy from ChilKat should have their blood preserved for posterity. They saved me a lot of time.
Thanks in advance.
Took me a while to figure this out. With the MySQL client, if you specify connection to 'localhost', it tries to connect with a UNIX socket at either /tmp/mysql.sock or /var/lib/mysql.sock. However if you specify localhost as 127.0.0.1, then it connects with a TCP protocol equivalent to --protocol=TCP.