From: Sasha Pachev Date: April 23 1999 4:23pm Subject: Re: Secure Connections List-Archive: http://lists.mysql.com/mysql/2294 Message-Id: <37209E6A.6C73B3A3@direct1.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Fred Read wrote: > > We need to be able to implement a secure connection between > our MySQL clients - not necessarily "mysql" - and the MySQL > server. > > Section 6.14 of the manual mentions using ssh which would be > ideal as we already use it for secure remote administration, > but does not go into any detail. > > Does anyone here have any experience of using MySQL over a > ssh link between Linux and/or Solaris boxes? > If so, we would be grateful for any assistance you might be > able to offer us. > > Thanks in anticipation... > -- I have a port-forwarding utility called tcpgate that will soon have the capability of turning insecure connection into secure,but currently it cannot. Howerver you could probably hack the source a little, link it against your favorite encryption libary and it will work. It is available at http://www.sashanet.com/internet/download.html To use it, you would send up two instances of tcpgate, one on the MYSQL client host and one on the server host. The client tcpgate will listen on port 3306 and will forward traffic to the server tcpgate listening on some funny port, which in turn will forward it to mysql server on the same machine. Your applications on the client will need to connect to localhost instead of the server. As I mentioned earlier, currently there is no ecryption, but it could be added in a couple of hours if you already have stream ecryption libraries. You could probably accomplish the same trick with ssh, but I have no experience in this area, and cannot tell you much. Of course, be prepared for performance degragation, since you will have double forwarding overhead plus the overhead of enryption/decryption. -- Sasha Pachev http://www.sashanet.com/ (home) http://www.direct1.com/ (work)