Date: Mon, 20 Oct 2008 14:21:03 -0700
From: Jeremy Chadwick
To: John Almberg
Cc: freebsd-questions@freebsd.org
Subject: Re: mysql connection through ssl tunnel
Message-ID: <20081020212103.GA13334@icarus.home.lan>

On Mon, Oct 20, 2008 at 03:25:23PM -0400, John Almberg wrote:
> On Sep 23, 2008, at 10:09 AM, Vincent Hoffman wrote:
>> John Almberg wrote:
>>> I have two FreeBSD machines. One is an application server, the other a
>>> database server running mysql. These machines are in two different
>>> locations. I'd like to allow the application server to access mysql
>>> through an SSH tunnel.

I'm somewhat amazed at the fact that everyone so far has gone completely
wild with SSH to solve this problem.

Has anyone made the OP aware that MySQL *does* in fact support SSL
natively, and that it can be used between client and server, as well as
between master and slave (for replication)?

The SSH tunnelling idea is fine if you want to access a MySQL server
behind a firewall or on a private network, but I'm a bit confused as to
why everyone's going to great lengths to use SSH to accomplish something
MySQL has support for natively.

Please clue me in. :-)

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
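
A sketch of the native SSL setup the message above refers to, for both the client/server and the master/slave case. This is an added example, not part of the original post; the host names, account names, database name and file paths are placeholders chosen for illustration, and the statements use MySQL 5.x-era syntax.

```sql
-- Server side: point mysqld at its CA, certificate and key in my.cnf
-- (placeholder paths), then restart the server:
--   [mysqld]
--   ssl-ca   = /path/to/ca.pem
--   ssl-cert = /path/to/server-cert.pem
--   ssl-key  = /path/to/server-key.pem

-- On the database server: check that SSL support is compiled in and enabled.
SHOW VARIABLES LIKE 'have_ssl';

-- Create the application account so that it can only log in over SSL.
-- Without REQUIRE SSL the same account could still connect in cleartext.
-- (Newer MySQL releases set this with CREATE USER / ALTER USER ... REQUIRE SSL.)
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.*
    TO 'appuser'@'app.example.org'
    IDENTIFIED BY 'placeholder-password'
    REQUIRE SSL;

-- From the application server, connect with the CA so the client can
-- validate the server certificate:
--   mysql --ssl-ca=/path/to/ca.pem -h db.example.org -u appuser -p

-- Inside that session: a non-empty Ssl_cipher value means the connection
-- is encrypted; an empty value means it fell back to cleartext.
SHOW STATUS LIKE 'Ssl_cipher';

-- Replication: the replication account on the master also gets REQUIRE SSL ...
GRANT REPLICATION SLAVE ON *.*
    TO 'repl'@'slave.example.org'
    IDENTIFIED BY 'placeholder-password'
    REQUIRE SSL;

-- ... and the slave is told to use SSL when it connects to the master.
CHANGE MASTER TO
    MASTER_HOST   = 'db.example.org',
    MASTER_USER   = 'repl',
    MASTER_SSL    = 1,
    MASTER_SSL_CA = '/path/to/ca.pem';
```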