At 11:24 -0600 3/10/03, Pete Harlan wrote:
>On Fri, Mar 07, 2003 at 05:43:29PM -0800, Jeremy Zawodny wrote:
>> On Fri, Mar 07, 2003 at 05:37:38PM -0800, LZ Orders wrote:
>> > Hi. I wanted to connect from a client machine to a MySQL server using
>> > ssh. I execute the following on the local machine (the server is
>> > foo.bar.com):
>> > % ssh -n -N -L 3307:foo.bar.com:3306 foo.bar.com
>> > I then try to connect from the local machine with:
>> > % mysql -h localhost -p 3307 --user=me --password
>> > But after prompting me for my password, MySQL denies me access.
>> What if you use 127.0.0.1 instead of "localhost"?
>And what he's referring to is that the mysql client library will
>connect using the local socket if you say "-h localhost", even though
>you specified a port. The port argument will be silently ignored.
>For some reason the developers consider this a feature.
Whether it's a feature or not, it's not always so easy to figure out
what to do. If you specify -h localhost, it can be argued that you
really want the socket even if you specify the port. It can be
argued conversely that if you specify the port, you should use TCP/IP
even if you specify -h localhost.
That is, if the user specifies both, it's ambiguous what the user really
>If you want to connect to localhost via TCP/IP, you have to specify
>the host by IP address (127.0.0.1), not as "localhost".
>The developers pointed out to me (two years ago, when I submitted a
>patch to fix this bug) that what you'd really want to do is tunnel the
>*socket* from one machine to the other, not the port. If you tunnel
>the port, you have to be sure to block access to that port from the
>outside, because outside connections to that port (on the tunneling
>client) will be tunneled too (under Linux anyway; I didn't try it
>That's potentially dangerous and not completely obvious side-effect of
>tunneling SSH ports.
>SSH doesn't allow tunneling sockets unfortunately.
>Before posting, please check:
> http://www.mysql.com/manual.php (the manual)
> http://lists.mysql.com/ (the list archive)
>To request this thread, e-mail <mysql-thread134381@stripped>
>To unsubscribe, e-mail <mysql-unsubscribe-paul=snake.net@stripped>
>Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php