I have a ubuntu server which I've locked down to only HTTP, HTTPS and SSH (port 30000). On this box I have a MySQL server which 99.9% of the time is only used locally. Every now and then I want to connect to the MySQL instance with the GUI tools, but without touching the firewall.
Therefore, it is possible to set things up so that I can connect to the MySQL box with the SSH connection? Is there any sort of port forwarding magic I can do?
ssh -L localport:127.0.0.1:remoteport user#remotehost
where localport is an unbound port on your local system, remoteport is the port on which MySQL listens, 127.0.0.1 is the loopback address on your remote system, user is your user name and remotehost is the address of the remote system.
Then point your MySQL client to 127.0.0.1:localport. The connection will be forwarded over the SSH tunnel to the remote port.
If you are using Windows or Unix on your local machine, PuTTY is an excellent tool for this. Here's a tutorial on port forwarding:
http://www.cs.uu.nl/technical/services/ssh/putty/puttyfw.html
Set up a tunnel using the SSH client to map a local port, through the tunnel, to a port on the remote machine, then connect to the local port using the client.
man ssh will have the gory details, but you're probably better off searching the web for something a wee bit easier to read.
I'd suggest using HeidiSQL if you are on Windows. It handles the SSH tunnel by itself (you just need to download the plink.exe utility).
In my humble opinion, it is the best MySQL tool out there (and it's free and open source).
There two ways to use the GUI mysql tools on a remote MYSQL machine.
I'm assuming the remote machine is running linux.
Option 1.
SSH port forwarding.
ssh -L 3306:proxy:3306 username#remotehost
Basically you forward port 3306 on your local machine to 3306 on your remote machine, then you tell your graphical MYSQl tool to connect to localhost:3306 and you assume that your remote machine is listening on the standard port of 3306
http://magazine.redhat.com/2007/11/06/ssh-port-forwarding/
Also ssh -D 3306 username#remotehost should be similar
Option 2.
If you are running xserver on your remote machine and have the GUI tools installed on your remote machine you can tunnel your GUI over the SSH connection.
ssh -X username#remotehost and then start your GUI tools over on remote machine from the command line.
SSH/HTTP tunneling in SQLyog is good. There is public/private key authentication which adds an additional layer of security.
I suggest looking to phpMyAdmin a web based tool to administrate MySQL, and is very good (requires PHP). It can be installed through the normal Ubuntu methods (e.g. Synaptic)
Or do X tunnelling with SSH as mentioned above.
Related
is there a valid extension for connect mysql via ssh on visual code studio?
I can't find nothing!;
I've been tryed with Mysql managment tool but seem there are not options for ssh
I guess you mean that you want to connect to MySQL via an SSH tunnel.
I don't know any specific solution for visual studio code, but if you have an extension to browse your database (and it doesn't support SSH tunneling) on its own, you can just create a ssh tunnel by yourself. Just run:
ssh -L 3306:127.0.0.1:3306 user#remotehost
And keep that session opened for the time you want to use your DB. Point your DB browser at 127.0.0.1:3306 and that's it.
Keep in mind that 127.0.0.1 in the example is the host you're tunneling TO, so if your MySQL server listens on, say, 1.3.3.7, just do -L 3306:1.3.3.7:3306.
I want to connect to my database with the tool SquirreL in ssh.
Is it possible?
Sadly I have no other options for this server, so I ll have to change of tool if it is not working.
There's no way to do it directly through Squirrel, but it's ridiculously easy (when you know how) to set up the ssh tunnel that Squirrel can use.
I'd forgotten how, and came here looking for something to refresh my memory... but I had no luck on StackOverflow, so I did the research and I'm leaving the solution here for future-me... and hopefully it'll help someone else, too.
Create the ssh tunnel:
$ ssh -v -N -L3307:localhost:3306 remotehostname
I chose to use port 3307, since I also have MySQL running locally on port 3306.
Details (or you can just skip to step 2):
3307 is the port you want to use locally to refer to the remote system.
I believe that localhost here is referring to the remote system, from its own point of view, so localhost:3306 references the the standard MySQL port on the remote system.
-v is optional; it just makes ssh's output more verbose, which can help with troubleshooting. You're not going to be using the window running ssh for anything else, so might as well let it be chatty.
-N says you're not interested in actually opening a shell on the remote host. We're here for a database connection only.
If you have the verbose option turned on, you should see a message like this:
debug1: Local connections to LOCALHOST:3307 forwarded to remote address localhost:3306
If you don't have verbose output turned on, you'll only see something like Authenticated to 10.0.1.234 (via proxy).
Set up an "alias" in Squirrel that looks something like this:
Click Test and then Connect to test your connection.
If you ran ssh with the -v option, you can watch the window while you attempt to connect via Squirrel. You should see something like this for a successful connection:
debug1: Connection to port 3307 forwarding to localhost port 3306 requested.
debug1: channel 2: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 3307 for localhost port 3306, connect from 127.0.0.1 port 54536 to 127.0.0.1 port 3307, nchannels 3
When you're done with the database, just hit CtrlC in the ssh window to kill the tunnel (if you left off the -N option, I guess you'd have to hit CtrlD to close the shell).
Sadly squirrelSQL does not support ssh tunneling. Fortunately, MySQL Workbench does support ssh tunneling so I would recommend using that instead if you are connecting to a MySQL database.
An alternative to using a different tool is to use ssh port forwarding. Essentially you can forward port 3306 (or whatever port your MySQL DB uses) from the remote box to your local box. There are a number of guides on the web on how to do this. Once the tunnel with port forwarding is established you can use a local connection string like 'localhost:3306'. to connect to the remote db. It's good idea to put the ssh connection string in a .sh or .bat file because you'll have to run when you need to connect to the DB for the first time.
I want to connect to MySQL. Unfortunately target server is accessible only from localhost. It is able to work around for example by uploading some PHP script on the server? I mean a single file rather than the entire PHPMyAdmin or something similar.
can you please elaborate more about your issue?
If you want to connect to mysql server remotely then you need to grant user in mysql users table with your local system IP range.
You could look at using ssh to tunnel the connection through your local host .. Will need to know a bit about your network layout
http://www.howtogeek.com/howto/ubuntu/access-your-mysql-server-remotely-over-ssh/
ssh -L 3306:localhost:3306 geek#webserver.com
you can use ssh tunneling for that here is a link
ssh -L 3306:localhost:3306 root#remote-mysql
The syntax is
ssh -L <localport>hostname<remoteport> <username>#<servername>.
We’re using localhost as the hostname because we are directly accessing the remote mysql server through ssh. You could also use this technique to port-forward through one ssh server to another server.
I try to migrate MSSQL (local machine) to MYSQL (Amazon Web Services) usin Workbench. I can connect to both databases. However when I migrate I get this error:
Mysql connections through SSH are not supported in this version...
Well, I found this in documentation:
A workaround is to set up an encrypted tunnel, and then treat the MySQL target as a standard TCP (unencrypted) connection.
But I don't know how to set up a tunnel. Does anyone can help?
Okay, if I'm understanding this correctly, I think I'd prefer to set up a tunnel in Putty. I don't have a solid grasp of how MySQL Workbench works (I'm assuming its analogous to SSMS), but I have used maaany SSH tunnels in my day. Here are some basic instructions:
http://www.electrictoolbox.com/putty-create-ssh-port-tunnel/
You'll want to create a local tunnel from any port you choose (although I'd go with the MySQL default 3306) to the destination of 127.0.0.1:3306. Be sure to click add and save your session settings in Putty.
Open the SSH connection to the AWS machine. Try to connect to your MySQL instance through 127.0.0.1:3306. This should allow you to pull from your local SQL Server and send data to your AWS instance (through the tunnel, 127.0.0.1:3306 of course).
Hope this helps. Let me know if this doesn't solve your issue.
If you have Amazon ec2:
On Windows machine connect using putty via ssh:
In session host name (user#public_ip_address)
Connection -> SSH -> Tunnels (Source port: 3306 OR choose free one) AND (Destination 127.0.0.1:3306)
You can check if tunnel was establihed in event log (right click on terminal bar)
In Workbench now you can use TCP/IP without SSH.
Thanks guys!
I ma following this tutorial on how to connect to a remote MySQL server, however It seems the command doesn't work and often results in Operation timed out when trying to connect to the server:
ssh mysql.xxxxx.com
I can connect directly from my hosting account but not through the Shell on my Mac OS.
There may be a firewall or other network security device in place that prevents you from being able to connect from your Mac. Also, it is possible that the MySQL server is not configured to allow inbound network connections.
You might ask your hosting provider if they filter access to the MySQL port (default is 3306), or if your host is pre-configured with a firewall, and you might check your MySQL configuration file to ensure it is listening for inbound connections.
When you ssh into a remote server, and you do not specify a user name, ssh defaults to your current user.
bobs-macbook-pro:~ bob$ ssh server.acme.com
is the same as:
bobs-macbook-pro:~ bob$ ssh bob#server.acme.com
Try using your username when 'sshing' into the remote mysql machine.
There are two ways to specify your username, either one should work.
1. bobs-macbook-pro:~ bob$ ssh bob#server.acme.com
2. bobs-macbook-pro:~ bob$ ssh server.acme.com -l bob