MySQL Database Connection via SSH Tunnel - mysql

i have a problem with our new database. The only way to access the database is throw a SSH tunnel. But it doesn't work...
I use following commands:
sshpass -p <PASSWORD> ssh <USER>#<DOMAIN> -p <PORT> -L 3306:localhost:3306 -f -N
I think the ssh tunnel works and is established.
Now I want to connect via Shell-File the database.
deposit=`mysql -h localhost --port=3306 -u <DATABASEUSER> --password=<DATABASEPASSWORD> --skip-column-names -e "<MYSQLSYNTAX>"`
But there is always folowing error:
ERROR 1045 (28000): Access denied for user '<DATABASEUSER>'#'localhost' (using password: YES)
Do you have any ideas or am I doing something wrong?
Thank you very much!

Assuming all your permissions are okay, it may be worth swapping localhost for 127.0.0.1.
As per the MySQL docs: http://dev.mysql.com/doc/refman/5.5/en/connecting.html
On Unix, MySQL programs treat the host name localhost specially, in a
way that is likely different from what you expect compared to other
network-based programs. For connections to localhost, MySQL programs
attempt to connect to the local server by using a Unix socket file.
This occurs even if a --port or -P option is given to specify a port
number. To ensure that the client makes a TCP/IP connection to the
local server, use --host or -h to specify a host name value of
127.0.0.1, or the IP address or name of the local server.

As I understand you are trying to create a tunnel between your computer and a remote computer that's running SQL server. In your ssh command substitute 3306:localhost:3306 with the remote computer IP address. Note this should be its internal local IP address if you are not in the same local network as the remote computer. Check your SQL Database permissions, username and password as well.

Related

SSH Tunnel MySQL Connection with socket-connection via PhpStorm

By default, Database Manager from PhpStorm works well. But currently on a special Provider (1u1.de) I have some trouble to got this work.
I can connect to the Provider via SSH. If I want to connect to MySQL database, I have to use:
mysql --host=localhost --user=dbo123123123 -S /tmp/mysql5.sock --password='123123123';
That's works well via CLI on Server, but I didn't find a way to connect via PhpStorm to this Database.
For me it seems that the "socket-connection" may be the Problem. Does anybody have a clue how to got this to work?
Part of the Solution (?!):
Maybe a first part of an solution, I found that you be able to forwarding an Socket to your local pc as own socket this way:
ssh -nNT -L $(pwd)/yourLocal.sock:/var/run/mysqlREMOTEMYSQL.sock user#somehost
Source of Information
This show me, that the Socket is established:
netstat -ln | grep mysql
unix 2 [ ACC ] STREAM LISTENING 3713865 /myFolder/mysql5.sock
But I'm still unable to connect to this Socket with:
mysql -h localhost --protocol=SOCKET -u'username' -p'mypassword' -S /myFolder/mysql5.sock
Got this Error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 95 "Operation not supported"
ssh -L /tmp/mysql.sock:/var/run/mysqld/mysqld.sock sshuser#remotehost
and then
mysql -h localhost --protocol=SOCKET -u'username' -p'mypassword' -S /tmp/mysql.sock
seems to work fine for me
Use SSH to setup a port forward, this will allow you to connect securely to your database without exposing it to the world.
On ssh, use the -L argument to establish the tunnel.
ssh -L <local_port>:<remote_host>:<remote_port> user#host
This will open <local_port> on your local machine, and then redirect all packets out the other side of the tunnel, destened for the <remote_host>:<remote_port>
In your case, you might want to try something like this:
ssh -L 3306:127.0.0.1:3306 user#mybox.1u1.de
After establishing the tunnel, you will be able to connect to the database through a local port.
From your local machine, not the 1u1 host,
mysql -u <user> -p --host 127.0.0.1 --port 3306
If this works properly, you should be able to configure PhpStorm to use the same address, 127.0.0.1:3306
The SSH tunnel will need to remain open the entire time you need to be connected to the database.

Is there a way to connect MySQL with binding local port?

I'm working on detect(ip:port) the login behavior of MySQL on different client, But I only get one client machine to use, what I want is to use the same IP and various(explicitly specific, not random select) PORT to connect the MySQL server, because you can specific a port to bind in your client code.
Is there a way(On command line mysql or MySQL C API) to specific the port number on connecting the MySQL server?
Try This
ssh -i /Users/xxxx/key.pem user#data.server.com -L 53306:localhost:3306 -f sleep 60 >> logfile
mysql -u user -p -h 127.0.0.1 -P 53306

Connect to MySQL via ssh tunnel to localhost

I want to connect to remote MySQL via ssh tunnel with user that has 'localhost' access.
I use this to make a tunnel:
ssh -f -N -L 33306:localhost:3306 user#remote-host
and this to connect to host:
mysql -h 127.0.0.1 -P 33306 -uuser -ppassword
The error i get is:
ERROR 1045 (28000): Access denied for user 'user'#'remote-host' (using password: YES)
The problem is that user 'user'#'remote-host' (or 'user'#'%') does not exist, only 'user'#'localhost' does.
Is there a way to force remote host, without server-side modifications into thinking that i come from localhost? That's the only reason I would do the connection via ssh tunnel anyway.
Note:
If I want to connect with this command:
mysql -h localhost -P 33306 -uuser -ppassword
I get this error:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Additional data:
On remote server in /etc/hosts the values are like this:
127.0.0.1 localhost
remote-ip remote-host
The simple way to create MySQL Tunnel to REMOTE HOST:
$ ssh -fNL TEMP_PORT:localhost:MYSQL_SERVER_PORT USER#SERVER_NAME
Test:
$ mysql -u root -p -h 127.0.0.1 -P TEMP_PORT
Please note that localhost and 127.0.0.1 are treated differently in mysql on unix.
Quoting:
On Unix, MySQL programs treat the host name localhost specially, in a way that is likely different from what you expect compared to other network-based programs. For connections to localhost, MySQL programs attempt to connect to the local server by using a Unix socket file
http://dev.mysql.com/doc/refman/5.7/en/connecting.html:
Furthermore, mysql client would silently try to use a socket file even if you explicitly specify -P on your command line:
This occurs even if a --port or -P option is given to specify a port number. To ensure that the client makes a TCP/IP connection to the local server, use --host or -h to specify a host name value of 127.0.0.1
Effectively, using this command
mysql -h localhost -P 33306 -uuser -ppassword
you're simply trying to connect to your local mysqld which is missing
Considering this, your question boils down to connecting to a remote server available over a domain socket.
If installing additional software meets your requirements 'without server-side modifications' you could use socat as described here:
https://www.debian-administration.org/users/dkg/weblog/68.
Tailored for mysql, it could work as follows:
install socat on both ends
socat "UNIX-LISTEN:your_local_path/mysql.sock,reuseaddr,fork" EXEC:'ssh user#remote-host socat STDIO UNIX-CONNECT\:/your_server_path/mysql.sock"
mysql -S your_local_path/mysql.sock -u user

MySQL permission denied from local but can connect remotely

I am trying to connect to my mysql database on a remote server (via ssh) through the command:
mysql -u me -h mydomain.com -p
But it fails with a ERROR 1045 (28000): Access denied for user.. error
While
mysql -u me -h localhost -p
Works
Now this isn't just because I have not setup permissions, because the permissions to this database are set for % or any host for the me user.
This is proved by the fact that I can connect correctly from my local machine to the server, using the same user. i.e. running the following command from my local machine works:
mysql -u me -h mydomain.com -p
So my question why does this happen and how can I fix it? Why can I not connect to my mysql server from my server when I use the domain name instead of localhost, even though the permissions are setup to accept connections from any host.
This happens because of the way MySQL handles permission grants.
When you connect from a remote host (or from the local host via an external IP), it will match the me#% entry (if there is no specific grant for the particular host you're using!). But when you connect via the loopback interface (the "localhost" IP) or a socket, it will use the me#localhost grant. So you must have two GRANT PRIVILEGES; one for me#localhost and one for me#%.

mysql client connection hostname question

Have a question that I can't seem to find an answer for. I am trying to connect to a remote database. I type in the following to my Ubuntu shell:
mysql -u test -h mysql.domain.com -p
mysql asks for my password and then outputs the following:
ERROR 1045 (28000): Access denied for user 'test'#'externalit.domain.com' (using password: YES)
The problem is that I am not on externalit. I am on a completely different host. I think that the server I am on was cloned from externalit, but I didn't set the server up. My question: does mysql have a conf file or other setting that may be automatically entering an incorrect hostname? Can I change this?
That's the name that the server thinks goes with your IP address. It could be do to a DNS setting (it's trying a reverse-DNS), or something in the /etc/host file (mapping that IP to that host).
You need to make sure the reverse DNS on the machine you are connecting from matches the address for the user.
If you are on a shared IP or can't control the reverse DNS then change the permissions on the user to 'test'#'%' this will allow anyone from any ip address connect as long as they have the correct username/password pair. of course this opens up some security issues.
You can prevent mysql from doing reverse lookups and then use 'test'#'123.123.123' as the user/host but unless you are on a fixed IP that could cause issues.
DC
Try adding a protocol option:
mysql -u test -h mysql.domain.com --protocol=tcp -p
and/or try adding a port explicitly:
mysql -u test -h mysql.domain.com -P3306 --protocol=tcp -p
(see: http://dev.mysql.com/doc/refman/5.1/en/mysql-command-options.html#option_mysql_protocol)