From: Peter Boosten
Date: Tue, 21 Oct 2008 05:09:26 +0200
To: John Almberg
Cc: freebsd-questions@freebsd.org
Subject: Re: mysql connection through ssl tunnel

John Almberg wrote:
>
> I tried this, and not surprisingly, it didn't work. Now I'm trying to
> debug it...
>

Maybe some mixup in the keys? In my example ssh tries to read the private key of root on the connecting server, so the server where the database is located, because init is run as root. If you need another key, then you need to specify this with the -i parameter.

> Question... if I want to ssh from the database server to the application
> server (in the direction shown -R), I need to use port 48444 (not the
> actual port, but something high). In other words, I need to do something
> like:
>
> ssh admin@example.com -p 48444
>
> Does this ssh port have anything to do with trying to start this ssh
> tunnel? In other words, do I need to add a '-p 48420' to the ttyv7 command?
>

The command given shows a connection between the two ports (in my case 3306). One of them would then be 48420 (the first one).

Thus:

    ttyv7 "/usr/bin/ssh -l admin -nNTx -R 48420:local.domain.tld:3306 remote.domain.tld >/dev/null 2>&1" unknown on

This works by allocating a socket to listen to 48420 on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to local.domain.tld port 3306 from the local machine.

Obviously you would have to change local.domain.tld and remote.domain.tld with actual FQDN or IP addresses.

Furthermore, since this connection is being made by root (which it normally isn't) you need to verify the host key of the remote server (by either putting it in known_hosts of root by hand, or make the connection once from the prompt and answer 'y', or putting the key in /etc/ssh/ssh_known_hosts).

The connection on the remote host indeed is made with

    mysql -h 127.0.0.1 -P 48420 -u user -p password db

regards

Peter

--
http://www.boosten.org
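
Added example (not part of the message above or of the thread): a preflight check for the unattended tunnel it describes, confirming that the remote host key is already recorded for root and building an ssh command that fails instead of prompting. The ssh port 48444 on the remote side, the key path /root/.ssh/id_rsa, the address 192.0.2.10 and the function names are assumptions for illustration; the known_hosts entry is constructed.

```shell
#!/bin/sh
# Added example: preflight for a reverse tunnel started by init as root.
# Host names, ports and the key path are placeholders.

# Name under which OpenSSH stores a host key: "host" for port 22,
# "[host]:port" for any other port.
kh_name() {
    if [ "${2:-22}" = 22 ]; then printf '%s\n' "$1"
    else printf '[%s]:%s\n' "$1" "$2"; fi
}

# host_key_known NAME FILE...: succeed if NAME is a plain entry in any FILE.
# Hashed entries ("|1|...") are not matched here; check those with
# `ssh-keygen -F NAME -f FILE`.
host_key_known() {
    want_name=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v want="$want_name" '
            /^[ \t]*$/ || /^[ \t]*[#@]/ { next }   # blanks, comments, @markers
            { n = split($1, h, ",")
              for (i = 1; i <= n; i++) if (h[i] == want) found = 1 }
            END { exit (found ? 0 : 1) }' "$f" && return 0
    done
    return 1
}

# tunnel_cmd HOST SSHPORT KEY RPORT TARGET: print the ssh command line.
# BatchMode and StrictHostKeyChecking make ssh fail instead of prompting;
# ExitOnForwardFailure makes it exit if the remote listener cannot be bound.
tunnel_cmd() {
    printf '/usr/bin/ssh -l admin -nNTx -p %s -i %s' "$2" "$3"
    printf ' -o BatchMode=yes -o StrictHostKeyChecking=yes'
    printf ' -o ExitOnForwardFailure=yes -R %s:%s %s\n' "$4" "$5" "$1"
}

# Demo on a constructed known_hosts file (the key blob is a dummy).
demo() {
    kh=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' \
        '[remote.domain.tld]:48444,[192.0.2.10]:48444 ssh-ed25519 AAAAdummy' > "$kh"
    name=$(kh_name remote.domain.tld 48444)
    if host_key_known "$name" "$kh"; then
        tunnel_cmd remote.domain.tld 48444 /root/.ssh/id_rsa 48420 local.domain.tld:3306
    else
        echo "host key for $name not found; ssh would refuse to connect" >&2
    fi
    rm -f "$kh"
}
demo
```

On a real system, pass /root/.ssh/known_hosts and /etc/ssh/ssh_known_hosts to host_key_known, since those are the files ssh consults when init starts it as root.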