I want to connect to my database with the tool SquirreL in ssh.
Is it possible?
Sadly I have no other options for this server, so I ll have to change of tool if it is not working.
There's no way to do it directly through Squirrel, but it's ridiculously easy (when you know how) to set up the ssh tunnel that Squirrel can use.
I'd forgotten how, and came here looking for something to refresh my memory... but I had no luck on StackOverflow, so I did the research and I'm leaving the solution here for future-me... and hopefully it'll help someone else, too.
Create the ssh tunnel:
$ ssh -v -N -L3307:localhost:3306 remotehostname
I chose to use port 3307, since I also have MySQL running locally on port 3306.
Details (or you can just skip to step 2):
3307 is the port you want to use locally to refer to the remote system.
I believe that localhost here is referring to the remote system, from its own point of view, so localhost:3306 references the the standard MySQL port on the remote system.
-v is optional; it just makes ssh's output more verbose, which can help with troubleshooting. You're not going to be using the window running ssh for anything else, so might as well let it be chatty.
-N says you're not interested in actually opening a shell on the remote host. We're here for a database connection only.
If you have the verbose option turned on, you should see a message like this:
debug1: Local connections to LOCALHOST:3307 forwarded to remote address localhost:3306
If you don't have verbose output turned on, you'll only see something like Authenticated to 10.0.1.234 (via proxy).
Set up an "alias" in Squirrel that looks something like this:
Click Test and then Connect to test your connection.
If you ran ssh with the -v option, you can watch the window while you attempt to connect via Squirrel. You should see something like this for a successful connection:
debug1: Connection to port 3307 forwarding to localhost port 3306 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 3307 for localhost port 3306, connect from 127.0.0.1 port 54536 to 127.0.0.1 port 3307, nchannels 3
When you're done with the database, just hit CtrlC in the ssh window to kill the tunnel (if you left off the -N option, I guess you'd have to hit CtrlD to close the shell).
Sadly squirrelSQL does not support ssh tunneling. Fortunately, MySQL Workbench does support ssh tunneling so I would recommend using that instead if you are connecting to a MySQL database.
An alternative to using a different tool is to use ssh port forwarding. Essentially you can forward port 3306 (or whatever port your MySQL DB uses) from the remote box to your local box. There are a number of guides on the web on how to do this. Once the tunnel with port forwarding is established you can use a local connection string like 'localhost:3306'. to connect to the remote db. It's good idea to put the ssh connection string in a .sh or .bat file because you'll have to run when you need to connect to the DB for the first time.
Related
I want to use the RMySQL package to query a database. I usually type ssh website.com in my mac terminal before using dbConnect() and dbGetQuery() in a R script.
My database is behind a firewall and only accessible locally and to the best of my knowledge needs to be ssh'd into.
Is it possible to do the entire process in R?
I've tried system('ssh website.com')) without success
Thanks
You need to establish a port forward between your system and the ssh server.
Add the following to your ~/.ssh/config file:
Host mysql-tunnel-website.com
LocalForward 3306 localhost:3306
I highly recommend SSH key usage for this. Github's SSH key guide is pretty good. I'm not an R coder, but R might dislike the need to enter a password interactively in a system() call and SSH keys (when passwordless or when added to an ssh-agent) remove that need.
Now you should be able to start up the tunnel in R with:
system('ssh -f mysql-tunnel-website.com')
This will map website.com's localhost port 3306 to your ssh client's localhost on port 3306, allowing you to run the same code on your ssh client system as you would have on the remote website.com system.
Your R code needs to point to host=localhost and port=3306 (which should be the default).
If the remote SQL server isn't served by website.com's localhost with port 3306, simply change the localhost:3306 to the appropriate server:port combination relative to what is accessible from website.com. If you're unable to use port 3306 on your ssh client system (perhaps you're running MySQL locally?), you can forward to a different port by changing that first 3306 to any other port (I tend to prefix a digit like 13306) and then be sure to specify that alternate port (e.g. port=13306) in your R code.
I am trying Peewee to connect and retrieve data from a MySQL remote database, but I get the following error:
InternalError: (1130, "Host 'x.x.x.x' is not allowed to connect to this MariaDB server")
Could you help me?
"retrieve data from a MySQL remote database"
"Host is not allowed to connect to this MariaDB server"
Seem to point on a simple problem:
You're not allowed to connect on the DB from "outside".
By default, MySql / MariaDB are only listening on the "inside" of the server, from MariaDb doc :
MariaDB packages bind MariaDB to 127.0.0.1 (the loopback IP address) by default as a security measure using the bind-address configuration directive.
This mean apart for an application that run on the same machine (accessing 127.0.0.1 or localhost), you'll not be able to connect.
Solutions:
SSH tunnelling
This is probably the safest way to allow a connexion on a remote DB.
SSH is a protocol that allow you to connect to a server. It's mainly used on unix server to manage them, but can do a lot more.
How to use it in your case?
if you can connect with SSH to your DB server, then running this simple command on your notebook the will do the trick:
ssh -L 3306:localhost:3306 user#x.x.x.x
Lets explain a bit: first, your run SSH, then, you tell him to enable a port forwarding from your 3306 port to the localhost:3306 port of the server you connect through user#IP.
With this command running, every query from your local machine:3306 will by send to your MariaDB:3306 server, allowing you to use it as if you where on the server.
Allowing a remote-access user
This one is way more dangerous than the previous one. You'll need to take your time and think about every outcome it mean.
As already said, you're not allowed to connect from outside, ssh let you be "inside", but if you know what you do, you can just remove the security.
The point is:
to make an account that'll be able to login from a remote IP,
allow MariaDB to listen on external requests,
and at least, secure other account to disable remote connection.
[I'm not putting the how-to now, if you really need it, I'll update this answer]
Im trying to allow remote accecss to MySQL on my Ubuntu server (VPS).
Im trying to access the database through an Java application Im building in Netbeans. Netbeans kick the following error message, when trying to connect:
Cannot establish a connection to
jdbc:mysql://xx.xxx.xxx.xxx:3306/xxxxxx?zeroDateTimeBehavior=convertToNull
using com.mysql.jdbc.Driver (null, message from server: "Host
'xx.xxx.xxx.xxx' is not allowed to connect to this MySQL server")
I have followed this guide when trying to connect to my MySQL server through Netbeans: https://www.youtube.com/watch?v=Fk2EkBs-Oq4
MySQL
MySQL running on standard port 3306.
In /etc/mysql/my.cnf I have comment out the following row:
bind-address = 127.0.0.1
So no bind-address exist in my my.cnf -file.
UFW
I have UFW installed on my server. ufw status numbered looks like this:
To Action From
-- ------ ----
[ 1] 22 ALLOW IN Anywhere
[ 2] 80/tcp ALLOW IN Anywhere
[ 3] Anywhere ALLOW IN MY-IP-ADDRESS*
[ 4] 3306/tcp ALLOW IN Anywhere
[ 5] 3306/tcp ALLOW IN MY-IP-ADDRESS*
[ 6] 22 (v6) ALLOW IN Anywhere (v6)
[ 7] 80/tcp (v6) ALLOW IN Anywhere (v6)
[ 8] 3306/tcp (v6) ALLOW IN Anywhere (v6)
*MY-IP-ADDRESS = The ip address I have "out" to the internet, which I recive from: http://whatismyipaddress.com/
What am I doing wrong and why cant I connect?
EDIT:
The thing is that if i bind in my.cnf I can only bind one IP. I need localhost access for my live websites running on the vps and also access from my dev-computer (which this thread is aiming). My thoughts was to remove bind in my.cnf to allow all and then grant access through my firewall UFW to localhost and my dev-computer.
if you want to use Connect via PuTTY and tunnel
look at the bottom of this answer
I assume you have a mysql administration tool.
The following will look depending on the tool used linux or something else, but work the same.
Login there and go into the user administration.
If you have installation a normal Mysql, then there should be only root without a host.
From the moment when you have created a localhost, then Mysql assume that you want to manage multiple hosts.
Create a existing host. A computer name exists in your network. Here root#dxxxxx-p. This should be created under the root user.
That's not all now you still have all your tables grant permissions.
Here pricelist has no assigned permissions
But sample has all permissions
With multiple host administration is for example.
A computer with two accessible names
myComp1 : IP 192.168.0.101
localhost : IP 127.0.0.1
If you now connect on the same computer with "mysql -h localhost -u root ...." you get the permissions you have assigned to localhost.
You might think because localhost and myComp1 is the same computer.
Now automatically myComp1 has the same permission as localhost .
But this is not so. So be careful.
Connect via `PuTTY` and tunnel
when you connect you with PuTTY, everything described above is not necessary.
With tunnel you connect as root#localhost on the ubuntu server.
Localhost is here somewhat misleading because it does not relate to your windows computer but on the localhost on the ubuntu server.
Access Your MySQL Server Remotely Over SSH
So you’ve got MySQL on your web server, but it’s only opened to local ports by default for security reasons.
If you want to access your database from a client tool like the MySQL Query Browser or Netbeans , normally you’d have to open up access from your local IP address… but that’s not nearly as secure.
So instead, we’ll just use port-forwarding through an SSH tunnel, so your MySQL client thinks it’s connecting to your localhost machine, but it’s really connecting to the other server through the tunnel.
Go to SSH->Tunnels
After clicked Save
Make sure that the MySQL server are off on the Windows computer.
I'm using MySQL System Tray Monitor.
With a right click, I see all the options.
click Open
If you have done all the settings for SSH on ubuntu right, that should appear here. (If NOT Search for Ubuntu SSH and Putty on the web)
Do not forget: Now that you've logged on ubuntu server you have all the right as root#localhost on the server itself, since root#localhost has all rights, you need not create a host and create permissions to schemas
Now on your windows computer open MySql Query Browser
Now connect to localhost (remember this localhost means localhost on ubuntu)
You can use in Netbeans the same settings to connect to Mysql on Ubuntu
Mysql Query Browser opens you can work on your Databases on UBUNTU
Netbeans
After closing New Connection Wizard
A new connection is created with all Databases On Mysql Ubuntu.
Change
bind-address = 127.0.0.1
To
bind-address = YOUR-IP-ADDRESS*
You need to grant access to that database :
GRANT ALL ON foo.* TO bar#xxx.xxx.xxx.xxx IDENTIFIED BY 'PASSWORD';
And also updated the firewall rules something like :
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
I'd like to connect to MySQL (deamon is running on my VPS) via HeidiSQL. I've created new user, commented bind-adress option and when I try to connect with it via HeidiSQL, I've got an error 2003: Can't connect to MySQL server on 'xxx.xxx.xxx.xxx' (10061).
What should I do?
It could be a number of factors.
See if a firewall is blocking your traffic to the other host
Can you simply ping the host from the client machine?
Can you also open a simple telnet session to the host on port 3306 ?
(If the telnet is accepted, you will probably see some characters appear and you will remain in the telnet session for a few seconds before the connection is closed. If not accepted, you will see the message Connection refused.)
There's a simple checklist for this:
Is your MySQL server bound to "localhost" only? It might be listening for connections only on 127.0.0.1 or ::1 instead of any which is usually 0.0.0.0. Try connecting on your server to your server with mysql --host=host_ip where host_ip is your network IP address. I think the default is localhost-only.
Is port 3306 firewalled? Many distributions allow only SSH by default, so you may need to open this up to your client machine. Try not to open this up to everyone on the internet as having an open MySQL port is asking for trouble. It's always best to limit access to a set of specific IPs if possible.
Can you connect via an SSH tunnel instead? This is far more secure as it means your 3306 port is properly firewalled. There are many tools for creating SSH tunnels, but the basic principle is to forward a local port of your choosing to the remote server's port 3306.
I have a ubuntu server which I've locked down to only HTTP, HTTPS and SSH (port 30000). On this box I have a MySQL server which 99.9% of the time is only used locally. Every now and then I want to connect to the MySQL instance with the GUI tools, but without touching the firewall.
Therefore, it is possible to set things up so that I can connect to the MySQL box with the SSH connection? Is there any sort of port forwarding magic I can do?
ssh -L localport:127.0.0.1:remoteport user#remotehost
where localport is an unbound port on your local system, remoteport is the port on which MySQL listens, 127.0.0.1 is the loopback address on your remote system, user is your user name and remotehost is the address of the remote system.
Then point your MySQL client to 127.0.0.1:localport. The connection will be forwarded over the SSH tunnel to the remote port.
If you are using Windows or Unix on your local machine, PuTTY is an excellent tool for this. Here's a tutorial on port forwarding:
http://www.cs.uu.nl/technical/services/ssh/putty/puttyfw.html
Set up a tunnel using the SSH client to map a local port, through the tunnel, to a port on the remote machine, then connect to the local port using the client.
man ssh will have the gory details, but you're probably better off searching the web for something a wee bit easier to read.
I'd suggest using HeidiSQL if you are on Windows. It handles the SSH tunnel by itself (you just need to download the plink.exe utility).
In my humble opinion, it is the best MySQL tool out there (and it's free and open source).
There two ways to use the GUI mysql tools on a remote MYSQL machine.
I'm assuming the remote machine is running linux.
Option 1.
SSH port forwarding.
ssh -L 3306:proxy:3306 username#remotehost
Basically you forward port 3306 on your local machine to 3306 on your remote machine, then you tell your graphical MYSQl tool to connect to localhost:3306 and you assume that your remote machine is listening on the standard port of 3306
http://magazine.redhat.com/2007/11/06/ssh-port-forwarding/
Also ssh -D 3306 username#remotehost should be similar
Option 2.
If you are running xserver on your remote machine and have the GUI tools installed on your remote machine you can tunnel your GUI over the SSH connection.
ssh -X username#remotehost and then start your GUI tools over on remote machine from the command line.
SSH/HTTP tunneling in SQLyog is good. There is public/private key authentication which adds an additional layer of security.
I suggest looking to phpMyAdmin a web based tool to administrate MySQL, and is very good (requires PHP). It can be installed through the normal Ubuntu methods (e.g. Synaptic)
Or do X tunnelling with SSH as mentioned above.