Date: Mon, 20 Oct 2008 16:50:05 -0400
From: John Almberg <jalmberg@identry.com>
To: freebsd-questions@freebsd.org
Subject: Fwd: mysql connection through ssl tunnel
Message-ID: <1479DAD4-A72B-415E-B8B0-FDEA810161ED@identry.com>
References: <C8E2ADAA-6D31-4014-8BA0-962CBE6D49E5@identry.com>
>>
>> After a few hours of work today, I have all this working perfectly. I'm
>> using autossh to automatically create and monitor the ssh tunnel, and I
>> can make mysql connections through the tunnel with no problems. Very cool.
>>
>> And that's through PF firewalls on both machines, which added flavor to
>> the exercise ;-)
>>
>> One question... and maybe this is a general, philosophical question...
>>
>> If autossh watches over my ssh tunnel, who or what watches over autossh?
>>
>> As a related question, how can I make autossh start automatically after
>> a reboot? At the moment, I start autossh from the command line, like so:
>>
>>> autossh -M 20000 -fNg -L 33006:127.0.0.1:3306 admin@dbs.example.com
>>
>> There doesn't seem to be an rc.d file for autossh... Do I have to figure
>> out how to make one?
>>
>
> You can do this all by not using autossh at all: let init watch and
> re-establish your ssh tunnel:
>
> This is in my /etc/ttys (wrapped for readability):
>
> ttyv8 "/usr/bin/ssh -l syslogng -nNTx -R 3306:local.domain.tld:3306
> remote.domain.tld >/dev/null 2>&1" unknown on
>
> I let my central machine control the tunnel, not the sending one.

H'mmm... This is new territory for me. I've just read some of the man pages
and a few pages in Absolute BSD, and I guess I sort of understand what this
does. I'm trying to grasp the connection between virtual terminals and this
SSH tunnel...

I guess my main question is, if I start the tunnel with this method, will I
be able to access mysql in 'the usual way'? The following works with my
autossh tunnel:

mysql -h127.0.0.1 -P33006 -uuser -ppassword db

So, if using the /etc/ttys file is equivalent, and I make the connection on
the database server, rather than the client server, then I guess my ttys
file should look like this (my ttyv8 is already used... I am guessing I
should use the next one down):

ttyv7 "/usr/bin/ssh -l admin -nNTx -R 3306:127.0.0.1:33006 example.com >/dev/null 2>&1" unknown on

Where 'admin' is the user I am logging into on the remote machine, and
'example.com' is the hostname of the remote machine. I guess that's
equivalent to the following?

ttyv7 "/usr/bin/ssh -nNTx -R 3306:127.0.0.1:33006 admin@example.com >/dev/null 2>&1" unknown on

Port 33006 is not a typo. There are databases running on both machines, so I
need to use a different port for the tunnel.

And as far as I can tell, I reload /etc/ttys with 'kill -1 1'. This looks
dangerous...

-- John

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Websites and Marketing for On-line Collectible Dealers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Identry, LLC
John Almberg
(631) 546-5079
jalmberg@identry.com
www.identry.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
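Added example, not part of the mailing-list exchange above. Two things a
practitioner would want before putting an ssh tunnel under init's control via
/etc/ttys: an ssh invocation that fails fast instead of hanging (init can only
respawn a process that actually exits, and it has no terminal on which ssh
could prompt for a passphrase), and a check that the tunnel endpoint is bound
to loopback only. The autossh command quoted in the thread uses -g, which binds
the local forward on all interfaces so any host that can reach the client
machine can talk to the database through it; an -R forward without GatewayPorts
on the server binds to the remote host's loopback. The user name, host name,
ports and key path are placeholders, and the sockstat output is constructed
sample data.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread.  Builds an ssh
# reverse-tunnel command line suitable for respawning from /etc/ttys and
# checks, from sockstat-style output, that the tunnel endpoint is bound to
# loopback only.  User, host, ports and the key path below are placeholders.

# Options that make a supervised tunnel fail fast instead of hanging:
#   BatchMode              never prompt (init has no terminal to answer on)
#   ExitOnForwardFailure   exit if the -R bind is refused, so init retries
#   ServerAlive*           notice a dead peer within ~90 s and exit
#   StrictHostKeyChecking  refuse an unknown or changed host key
TUNNEL_OPTS='-nNTx -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o StrictHostKeyChecking=yes'

# tunnel_cmd USER HOST REMOTE_PORT LOCAL_PORT [IDENTITY_FILE]
# Prints the ssh invocation.  REMOTE_PORT is bound on the remote host's
# loopback (no -g, no GatewayPorts) and forwarded to LOCAL_PORT on this host.
tunnel_cmd() {
    ident=${5:-/root/.ssh/tunnel_key}   # assumed key path; restrict it in authorized_keys
    printf '/usr/bin/ssh %s -i %s -R %s:127.0.0.1:%s %s@%s' \
        "$TUNNEL_OPTS" "$ident" "$3" "$4" "$1" "$2"
}

# ttys_line TTY CMD : render an /etc/ttys entry in the format the thread uses
ttys_line() {
    printf '%s\t"%s >/dev/null 2>&1"\tunknown\ton\n' "$1" "$2"
}

# loopback_only PORT : read `sockstat -4l` output on stdin; succeed only if
# at least one tcp listener on PORT exists and every one is on 127.0.0.1.
# A wildcard bind (*:PORT) means -g or GatewayPorts exposed it to the network.
loopback_only() {
    awk -v port="$1" '
        $5 ~ /^tcp/ {
            split($6, a, ":")
            if (a[2] == port) { n++; if (a[1] != "127.0.0.1") bad++ }
        }
        END { exit (n > 0 && bad == 0) ? 0 : 1 }'
}

# Constructed sample of sockstat -4l output: the -R endpoint on loopback,
# plus an autossh -g style local forward bound on all interfaces.
SAMPLE_SOCKSTAT='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
admin sshd 1234 8 tcp4 127.0.0.1:3306 *:*
admin ssh 2345 5 tcp4 *:33006 *:*'

# Demo when run directly
ttys_line ttyv7 "$(tunnel_cmd admin example.com 3306 33006)"
printf '%s\n' "$SAMPLE_SOCKSTAT" | loopback_only 3306 && echo "3306: loopback only"
printf '%s\n' "$SAMPLE_SOCKSTAT" | loopback_only 33006 || echo "33006: bound on all interfaces"
```

On the server side the key should be restricted in authorized_keys (for
example with no-pty and a command= that does nothing), since the account only
needs to hold a port forward open. Run the loopback check against the real
`sockstat -4l` output on whichever end the tunnel is bound; a wildcard bind on
the database port is the thing to catch.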