Date: Tue, 21 Oct 2008 05:09:26 +0200 From: Peter Boosten <peter@boosten.org> To: John Almberg <jalmberg@identry.com> Cc: freebsd-questions@freebsd.org Subject: Re: mysql connection through ssl tunnel Message-ID: <48FD47E6.8040201@boosten.org> In-Reply-To: <6E564226-98BE-4464-BA6C-A95848F02ABC@identry.com> References: <C8E2ADAA-6D31-4014-8BA0-962CBE6D49E5@identry.com> <1479DAD4-A72B-415E-B8B0-FDEA810161ED@identry.com> <6E564226-98BE-4464-BA6C-A95848F02ABC@identry.com>
John Almberg wrote:
>
> I tried this, and not surprisingly, it didn't work. Now I'm trying to
> debug it...
>

Maybe some mixup in the keys? In my example ssh tries to read the private
key of root on the connecting server, so the server where the database is
located, because init is run as root. If you need another key, then you
need to specify this with the -i parameter.

> Question... if I want to ssh from the database server to the application
> server (in the direction shown -R), I need to use port 48444 (not the
> actual port, but something high). In other words, I need to do something
> like:
>
> ssh admin@example.com -p 48444
>
> Does this ssh port have anything to do with trying to start this ssh
> tunnel? In other words, do I need to add a '-p 48420' to the ttyv7 command?
>

The command given shows a connection between the two ports (in my case
3306). One of them would then be 48420 (the first one). thus:

ttyv7 "/usr/bin/ssh -l admin -nNTx -R 48420:local.domain.tld:3306 remote.domain.tld >/dev/null 2>&1" unknown on

This works by allocating a socket to listen to 48420 on the remote side,
and whenever a connection is made to this port, the connection is forwarded
over the secure channel, and a connection is made to local.domain.tld port
3306 from the local machine.

Obviously you would have to change local.domain.tld and remote.domain.tld
with actual FQDN or IP addresses.

Furthermore, since this connection is being made by root (which normally
isn't) you need to verify the host key of the remote server (by either
putting it in known_hosts of root by hand, or make the connection once from
the prompt and answer 'y', or putting the key in /etc/ssh/ssh_known_hosts).

The connection on the remote host indeed is made with

mysql -h 127.0.0.1 -P 48420 -u user -p password db

regards

Peter

-- 
http://www.boosten.org
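An added example, not from the thread above: it builds the ttys tunnel command with the -p sshd port and -i key the question asks about, and first checks that root's known_hosts already holds the remote host's key, since ssh started from /etc/ttys has no tty to prompt on. The hostnames, the key path, the sshd port 48444 and the sample known_hosts file are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original thread. Hosts, key path, sshd port
# 48444 and the sample known_hosts file are constructed placeholders.
LOCAL_DB_HOST="local.domain.tld"   # where MySQL listens, as seen from the DB server
REMOTE_HOST="remote.domain.tld"    # application server that gets the listener
REMOTE_SSH_PORT="48444"            # non-standard sshd port on the remote host
TUNNEL_PORT="48420"                # port the remote side listens on
DB_PORT="3306"
KEY="/root/.ssh/id_tunnel"         # dedicated key for the tunnel (hypothetical)

# The ssh command for the ttys line. -p is only how ssh reaches the remote
# sshd; the forwarded port is the one in -R. Binding to 127.0.0.1 keeps the
# listener off other interfaces, BatchMode stops ssh from prompting, and
# ExitOnForwardFailure makes ssh exit (so init respawns it) if 48420 is taken.
build_tunnel_cmd() {
    cmd="/usr/bin/ssh -l admin -i $KEY -p $REMOTE_SSH_PORT -nNTx"
    cmd="$cmd -o BatchMode=yes -o StrictHostKeyChecking=yes"
    cmd="$cmd -o ExitOnForwardFailure=yes"
    cmd="$cmd -R 127.0.0.1:$TUNNEL_PORT:$LOCAL_DB_HOST:$DB_PORT $REMOTE_HOST"
    printf '%s\n' "$cmd"
}

# The complete /etc/ttys entry, output redirected as in the thread.
ttys_entry() {
    printf 'ttyv7\t"%s >/dev/null 2>&1"\tunknown\ton\n' "$(build_tunnel_cmd)"
}

# Return 0 if host $1 on sshd port $2 has an entry in known_hosts file $3.
# ssh keys non-standard ports as "[host]:port"; checks plain-text entries only
# (hashed HashKnownHosts entries need ssh-keygen -F instead).
host_key_known() {
    if [ "$2" = "22" ]; then name="$1"; else name="[$1]:$2"; fi
    cut -d' ' -f1 "$3" 2>/dev/null | tr ',' '\n' | grep -qFx -e "$name"
}

# Constructed sample known_hosts with a dummy key for the remote host.
KNOWN_HOSTS="${TMPDIR:-/tmp}/known_hosts.example.$$"
printf '[remote.domain.tld]:48444 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUMMYKEYDUMMYKEYDUMMYKEYDUMMYKEY\n' > "$KNOWN_HOSTS"

if host_key_known "$REMOTE_HOST" "$REMOTE_SSH_PORT" "$KNOWN_HOSTS"; then
    echo "host key for [$REMOTE_HOST]:$REMOTE_SSH_PORT found; /etc/ttys line:"
    ttys_entry
else
    echo "no host key for [$REMOTE_HOST]:$REMOTE_SSH_PORT; add it first" >&2
fi
```

Note that a key recorded for port 22 does not satisfy ssh when it connects with -p 48444; the check above mirrors that, so run it before adding the line to /etc/ttys.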