Hi Warren,
i should have taken a deeper look on --ssl option, thanks for
clarification.
Well "my" ssl solution needs to run without any setup on multiple
systems, so ssh is not best choice for this task. Anyway i have to admit
ssh or even a linux-system in a virtual box is much more handy than putty :)
thx for very kind support, i'll look up mysql documentations
Thomas
Warren Young schrieb:
> Thomas Werth wrote:
>> mysql -u user -ppassword --ssl
>> works without any problems.
>
> From the MySQL manual, on --ssl:
>
> "This option is not sufficient in itself to cause an SSL connection to
> be used. You must also specify the --ssl-ca option, and possibly the
> --ssl-cert and --ssl-key options."
>
> I'm not sure if having the values in my.cnf suffices, but what I am sure
> about is that I tried your command here on my system, and it let me log
> in without complaint. I have *no* SSL of any kind going on on this
> machine. Clearly it's quietly falling back to plaintext if it can't do
> SSL for whatever reason.
>
> While Googling for the above, I couldn't find examples of successful
> Windows SSL setups; it was all from the Unixy perspective.
>
> The only thing I found that looks like it should work is this:
>
> http://dev.mysql.com/doc/refman/5.0/en/windows-and-ssh.html
>
> It gives the same security as SSL, but without needing special help on
> the client or server side, since ssh generally Just Works (TM). The
> downside is that it's a little more involved to set up each individual
> connection. I use much this same setup to do things like accessing a
> web server that's behind a firewall that only lets ssh through. It
> works beautifully, and I can second the recommendation for SecureCRT. I
> *live* in SecureCRT on my Windows machine, and have for years. It's
> just plain awesome. I shake my head when I see people recommending
> PuTTY instead...dreadful software...ptui! If you had to have something
> free, I'd recommend using Cygwin's command-line ssh over PuTTY, any day.
>
> If you need real SSL, I suggest you take it up on the main MySQL mailing
> list. It's probably just a configuration problem somewhere.
>
