Connect to MySQL via ssh tunnel to localhost - mysql

I want to connect to remote MySQL via ssh tunnel with user that has 'localhost' access.
I use this to make a tunnel:
ssh -f -N -L 33306:localhost:3306 user#remote-host
and this to connect to host:
mysql -h 127.0.0.1 -P 33306 -uuser -ppassword
The error i get is:
ERROR 1045 (28000): Access denied for user 'user'#'remote-host' (using password: YES)
The problem is that user 'user'#'remote-host' (or 'user'#'%') does not exist, only 'user'#'localhost' does.
Is there a way to force remote host, without server-side modifications into thinking that i come from localhost? That's the only reason I would do the connection via ssh tunnel anyway.
Note:
If I want to connect with this command:
mysql -h localhost -P 33306 -uuser -ppassword
I get this error:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Additional data:
On remote server in /etc/hosts the values are like this:
127.0.0.1 localhost
remote-ip remote-host

The simple way to create MySQL Tunnel to REMOTE HOST:
$ ssh -fNL TEMP_PORT:localhost:MYSQL_SERVER_PORT USER#SERVER_NAME
Test:
$ mysql -u root -p -h 127.0.0.1 -P TEMP_PORT

Please note that localhost and 127.0.0.1 are treated differently in mysql on unix.
Quoting:
On Unix, MySQL programs treat the host name localhost specially, in a way that is likely different from what you expect compared to other network-based programs. For connections to localhost, MySQL programs attempt to connect to the local server by using a Unix socket file
http://dev.mysql.com/doc/refman/5.7/en/connecting.html:
Furthermore, mysql client would silently try to use a socket file even if you explicitly specify -P on your command line:
This occurs even if a --port or -P option is given to specify a port number. To ensure that the client makes a TCP/IP connection to the local server, use --host or -h to specify a host name value of 127.0.0.1
Effectively, using this command
mysql -h localhost -P 33306 -uuser -ppassword
you're simply trying to connect to your local mysqld which is missing
Considering this, your question boils down to connecting to a remote server available over a domain socket.
If installing additional software meets your requirements 'without server-side modifications' you could use socat as described here:
https://www.debian-administration.org/users/dkg/weblog/68.
Tailored for mysql, it could work as follows:
install socat on both ends
socat "UNIX-LISTEN:your_local_path/mysql.sock,reuseaddr,fork" EXEC:'ssh user#remote-host socat STDIO UNIX-CONNECT\:/your_server_path/mysql.sock"
mysql -S your_local_path/mysql.sock -u user

Related

Mysql-Client Jumphost from Local Client to Webserver to DB Server without DB Server SSH User

My scenario looks as follows:
I have a web server and a DB server. On the webserver I have an SSH user with which I can connect to the database via mysql-client. The mysql port is restricted to the IP address of the webserver and I don't have an SSH user on the DB server.
I thought that some kind of SSH tunnel should be possible here, but I couldn't wrap my head around it yet.
I would have imagined something along these lines:
Tunnel: 127.0.0.1:9999 -> Webserver.IP:9999 -> DBserver.IP:3306
Mysql-Client CMD: mysql -u db_user -h 127.0.0.1 -p -P 9999
If anyone can share an idea on if and how this can be implemented I would be very grateful.
I have found a solution that works for me..
Establish connection and keep it open:
ssh -L 9999:[DB-SERVER.IP]:3306 [SSH-USER]#[WEB-SERVER.IP]
Connect to the local source port:
mysql -h 127.0.0.1 -P 9999 -u [DB-USER] -p

Intellij Connect to Docker MySQL DB

I have a problem connecting to a docker mysql DB through the Intellij UI.
I am able to connect using the following command through the terminal:
mysql -h localhost -P 3306 --protocol=tcp -u root -p db_name --password=password
Note the user of the --protocol flag, without this I could not connect. In addition, I assume that since I can connect through the terminal to the docker DB then setup is correct, i.e. the port is exposed and I am able to connect.
In Intellij I use the following connection settings - I am not sure where you specify the protocol of the connection, in case this resolved the issue. I've also tried using 127.0.0.1 instead of localhost which as I read will use the tcp protocol. But no luck.
I've tried the latest MYSQL Driver (8) for the connection as well as the MySQL for 5.1 version.
The error I get is the following(though the password and username are triple checked, and I am able to connect through the terminal):
The specified database user/password combination is rejected:
[28000][1045] Access denied for user 'root'#'localhost' (using
password: YES)
Any help or guidance would be much appreciated.

Sqlalchemy and DBvisualizer failing with port fowarding

To connect to our database, we need to use port forward to connect to the remote instance.
ssh -i [ssh Key] -f -N -L [local port]:[host]:[remote port] [user]#[remote ip]
Afterwards, I can then use this command to access the remote database.
mysql -h 127.0.0.1 -P [local port] -u [database user] -p
If I use the local settings in something like SQLAlchemy or DbVisualizer however, I get
Access denied for user [user]#'10.0.1.70' (using password:
YES)
I know the password is correct, so what am I missing in my understanding? What is the difference here between the cli and these other interfaces?
For DbVisualizer, have you tried specifying Database Server as "localhost", as described here:
http://confluence.dbvis.com/display/UG100/Using+an+SSH+Tunnel
Best Regards
Hans Bergsten (DbVisualizer developer)

Accessing to mysql from host to container in cli

I created my container like this:
$ docker run -d -p 33060:3306 myimage
Then I try connect from host to mysql server in container:
$ mysql -uroot -proot -P 33060
I got this error:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
It odd because in Navicat only I changed the port and work fine:
But If I have the IP of the container:
$ docker inspect --format '{{ .NetworkSettings.IPAddress }}' mycontainer
172.17.0.55
Then I can connect to mysql server successfully:
$ mysql -uroot -proot -h 172.17.0.55
But it is a tedious task have to check the ip each time I create a new container to connect to mysql. There any settings I can do to make this task simpler?
This is not a Docker issue. By default the mysql command-line client will connect to a local (Unix) socket instead of a network one, even if you specify -P.
This behavior is described in the documentation:
On Unix, MySQL programs treat the host name localhost specially, in a way that is likely different from what you expect compared to other network-based programs. For connections to localhost, MySQL programs attempt to connect to the local server by using a Unix socket file. This occurs even if a --port or -P option is given
You have to pass the -hlocalhost option, or you can set your connection defaults in /etc/mysql/my.cnf

MySQL Database Connection via SSH Tunnel

i have a problem with our new database. The only way to access the database is throw a SSH tunnel. But it doesn't work...
I use following commands:
sshpass -p <PASSWORD> ssh <USER>#<DOMAIN> -p <PORT> -L 3306:localhost:3306 -f -N
I think the ssh tunnel works and is established.
Now I want to connect via Shell-File the database.
deposit=`mysql -h localhost --port=3306 -u <DATABASEUSER> --password=<DATABASEPASSWORD> --skip-column-names -e "<MYSQLSYNTAX>"`
But there is always folowing error:
ERROR 1045 (28000): Access denied for user '<DATABASEUSER>'#'localhost' (using password: YES)
Do you have any ideas or am I doing something wrong?
Thank you very much!
Assuming all your permissions are okay, it may be worth swapping localhost for 127.0.0.1.
As per the MySQL docs: http://dev.mysql.com/doc/refman/5.5/en/connecting.html
On Unix, MySQL programs treat the host name localhost specially, in a
way that is likely different from what you expect compared to other
network-based programs. For connections to localhost, MySQL programs
attempt to connect to the local server by using a Unix socket file.
This occurs even if a --port or -P option is given to specify a port
number. To ensure that the client makes a TCP/IP connection to the
local server, use --host or -h to specify a host name value of
127.0.0.1, or the IP address or name of the local server.
As I understand you are trying to create a tunnel between your computer and a remote computer that's running SQL server. In your ssh command substitute 3306:localhost:3306 with the remote computer IP address. Note this should be its internal local IP address if you are not in the same local network as the remote computer. Check your SQL Database permissions, username and password as well.