List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:March 10 2003 5:32pm
Subject:Re: Using ssh tunnel and mysql
View as plain text  
At 11:24 -0600 3/10/03, Pete Harlan wrote:
>On Fri, Mar 07, 2003 at 05:43:29PM -0800, Jeremy Zawodny wrote:
>>  On Fri, Mar 07, 2003 at 05:37:38PM -0800, LZ Orders wrote:
>>  > Hi. I wanted to connect from a client machine to a MySQL server using
>>  > ssh. I execute the following on the local machine (the server is
>>  >
>>  >
>>  > % ssh -n -N -L
>>  >
>>  > I then try to connect from the local machine with:
>>  >
>>  > % mysql -h localhost -p 3307 --user=me --password
>>  >
>>  > But after prompting me for my password, MySQL denies me access.
>>  What if you use instead of "localhost"?
>>  Jeremy
>And what he's referring to is that the mysql client library will
>connect using the local socket if you say "-h localhost", even though
>you specified a port.  The port argument will be silently ignored.
>For some reason the developers consider this a feature.

Whether it's a feature or not, it's not always so easy to figure out
what to do.  If you specify -h localhost, it can be argued that you
really want the socket even if you specify the port.  It can be
argued conversely that if you specify the port, you should use TCP/IP
even if you specify -h localhost.

That is, if the user specifies both, it's ambiguous what the user really

>If you want to connect to localhost via TCP/IP, you have to specify
>the host by IP address (, not as "localhost".
>The developers pointed out to me (two years ago, when I submitted a
>patch to fix this bug) that what you'd really want to do is tunnel the
>*socket* from one machine to the other, not the port.  If you tunnel
>the port, you have to be sure to block access to that port from the
>outside, because outside connections to that port (on the tunneling
>client) will be tunneled too (under Linux anyway; I didn't try it
>That's potentially dangerous and not completely obvious side-effect of
>tunneling SSH ports.
>SSH doesn't allow tunneling sockets unfortunately.
>Before posting, please check:
>   (the manual)
>           (the list archive)
>To request this thread, e-mail <mysql-thread134381@stripped>
>To unsubscribe, e-mail <>
>Trouble unsubscribing? Try:

Using ssh tunnel and mysqlLZ Orders8 Mar
  • Re: Using ssh tunnel and mysqlJeremy Zawodny8 Mar
    • Re: Using ssh tunnel and mysqlKH Chiu8 Mar
    • Re: Using ssh tunnel and mysql(Pete Harlan)10 Mar
      • Re: Using ssh tunnel and mysqlPaul DuBois10 Mar
        • Re: Using ssh tunnel and mysqlPete Harlan10 Mar
          • Re: Using ssh tunnel and mysqlPaul DuBois10 Mar
          • Re: Using ssh tunnel and mysqlTonu Samuel11 Mar
      • Re: Using ssh tunnel and mysqlRick Mann10 Mar
RE: Using ssh tunnel and mysqlSebastian Stadtlich10 Mar
Re: Using ssh tunnel and mysqlRick Mann11 Mar