Date: Mon, 20 Oct 2008 17:45:55 -0400
From: John Almberg <jalmberg@identry.com>
To: freebsd-questions@freebsd.org
Subject: Re: mysql connection through ssl tunnel
Message-ID: <007ABF71-6D85-4849-A9E7-933D18236EE8@identry.com>
In-Reply-To: <20081020212103.GA13334@icarus.home.lan>
References: <8B945891-5F96-4FBF-8175-15F67F03DD92@identry.com> <48D8F881.1010000@unsane.co.uk> <912A74FB-0292-4A53-B480-34FE69D9C465@identry.com> <20081020212103.GA13334@icarus.home.lan>

On Oct 20, 2008, at 5:21 PM, Jeremy Chadwick wrote:

> On Mon, Oct 20, 2008 at 03:25:23PM -0400, John Almberg wrote:
>> On Sep 23, 2008, at 10:09 AM, Vincent Hoffman wrote:
>>> John Almberg wrote:
>>>> I have two FreeBSD machines. One is an application server, the other a
>>>> database server running mysql. These machines are in two different
>>>> locations. I'd like to allow the application server to access mysql
>>>> through an SSH tunnel.
>
> I'm somewhat amazed at the fact that everyone so far has gone completely
> wild with SSH to solve this problem.
>
> Has anyone made the OP aware that MySQL *does* in fact support SSL
> natively, and that it can be used between client and server, as well as
> between master and slave (for replication)?
>
> The SSH tunnelling idea is fine if you want to access a MySQL server
> behind a firewall or on a private network, but I'm a bit confused as to
> why everyone's going to great lengths to use SSH to accomplish something
> MySQL has support for natively.
>
> Please clue me in. :-)

Hi Jeremy,

There are two PF firewalls in the mix, one at each end. The two machines
are in different data centers. Actually, that is the motivation behind this
exercise. The client wants the database in his own data center, since it
contains information he needs to have physical control over.

I do know that MySQL supports SSL... somehow this got discounted early in
the discussion, perhaps mistakenly?

Anyway, the autossh option works perfectly, so I think I will stick with
that unless there's a good reason not to. I have Monit running on the
remote server, so I can probably monitor/restart autossh with that (with
another few hours reading, of course :-)

-- John