List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:March 10 2003 5:32pm
Subject:Re: Using ssh tunnel and mysql
View as plain text  
At 11:24 -0600 3/10/03, Pete Harlan wrote:
>On Fri, Mar 07, 2003 at 05:43:29PM -0800, Jeremy Zawodny wrote:
>>  On Fri, Mar 07, 2003 at 05:37:38PM -0800, LZ Orders wrote:
>>  > Hi. I wanted to connect from a client machine to a MySQL server using
>>  > ssh. I execute the following on the local machine (the server is
>>  > foo.bar.com):
>>  >
>>  > % ssh -n -N -L 3307:foo.bar.com:3306 foo.bar.com
>>  >
>>  > I then try to connect from the local machine with:
>>  >
>>  > % mysql -h localhost -p 3307 --user=me --password
>>  >
>>  > But after prompting me for my password, MySQL denies me access.
>>
>>  What if you use 127.0.0.1 instead of "localhost"?
>>
>>  Jeremy
>
>And what he's referring to is that the mysql client library will
>connect using the local socket if you say "-h localhost", even though
>you specified a port.  The port argument will be silently ignored.
>For some reason the developers consider this a feature.

Whether it's a feature or not, it's not always so easy to figure out
what to do.  If you specify -h localhost, it can be argued that you
really want the socket even if you specify the port.  It can be
argued conversely that if you specify the port, you should use TCP/IP
even if you specify -h localhost.

That is, if the user specifies both, it's ambiguous what the user really
wants.

>
>If you want to connect to localhost via TCP/IP, you have to specify
>the host by IP address (127.0.0.1), not as "localhost".
>
>The developers pointed out to me (two years ago, when I submitted a
>patch to fix this bug) that what you'd really want to do is tunnel the
>*socket* from one machine to the other, not the port.  If you tunnel
>the port, you have to be sure to block access to that port from the
>outside, because outside connections to that port (on the tunneling
>client) will be tunneled too (under Linux anyway; I didn't try it
>elsewhere).
>
>That's potentially dangerous and not completely obvious side-effect of
>tunneling SSH ports.
>
>SSH doesn't allow tunneling sockets unfortunately.
>
>--Pete
>
>---------------------------------------------------------------------
>Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
>
>To request this thread, e-mail <mysql-thread134381@stripped>
>To unsubscribe, e-mail <mysql-unsubscribe-paul=snake.net@stripped>
>Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Thread
Using ssh tunnel and mysqlLZ Orders8 Mar
  • Re: Using ssh tunnel and mysqlJeremy Zawodny8 Mar
    • Re: Using ssh tunnel and mysqlKH Chiu8 Mar
    • Re: Using ssh tunnel and mysql(Pete Harlan)10 Mar
      • Re: Using ssh tunnel and mysqlPaul DuBois10 Mar
        • Re: Using ssh tunnel and mysqlPete Harlan10 Mar
          • Re: Using ssh tunnel and mysqlPaul DuBois10 Mar
          • Re: Using ssh tunnel and mysqlTonu Samuel11 Mar
      • Re: Using ssh tunnel and mysqlRick Mann10 Mar
RE: Using ssh tunnel and mysqlSebastian Stadtlich10 Mar
Re: Using ssh tunnel and mysqlRick Mann11 Mar