From owner-freebsd-questions@FreeBSD.ORG  Tue Sep 23 13:54:14 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 47E5F1065678
	for <freebsd-questions@freebsd.org>;
	Tue, 23 Sep 2008 13:54:14 +0000 (UTC)
	(envelope-from jalmberg@identry.com)
Received: from mx1.identry.com (on.identry.com [66.111.0.194])
	by mx1.freebsd.org (Postfix) with ESMTP id DC2978FC23
	for <freebsd-questions@freebsd.org>;
	Tue, 23 Sep 2008 13:54:13 +0000 (UTC)
	(envelope-from jalmberg@identry.com)
Received: (qmail 90166 invoked by uid 89); 23 Sep 2008 13:54:12 -0000
Received: from unknown (HELO ?192.168.1.4?) (jalmberg@68.222.160.47)
	by mx1.identry.com with ESMTPA; 23 Sep 2008 13:54:12 -0000
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Transfer-Encoding: 7bit
Message-Id: <8B945891-5F96-4FBF-8175-15F67F03DD92@identry.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: freebsd-questions@freebsd.org
From: John Almberg <jalmberg@identry.com>
Date: Tue, 23 Sep 2008 09:54:10 -0400
X-Mailer: Apple Mail (2.752.3)
Subject: mysql connection through ssl tunnel
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Sep 2008 13:54:14 -0000

I have two FreeBSD machines. One is a application server, the other a  
database server running mysql. These machines are in two different  
locations. I'd like to allow the application server to access mysql  
through an SSH tunnel.

Being a newbie admin, I've never set up an SSH tunnel. I've been  
reading about them all morning and (as always) there seems to be more  
than one way to skin this cat.

I'm looking for ease of set up and maintenance, as well as security  
(which I assume is a given.) I'd prefer NOT to have to recompile the  
kernels (pure cowardice... the application server is a production  
server that I don't want to experiment with.) Both servers have OpenSSL.

Any recommendations, much appreciated.

Thanks: John