[TriLUG] [MySQL] seeking ssh tunnel advice
Scott G. Hall
ScottGHall at BellSouth.Net
Sat Jan 12 03:46:56 EST 2008
(Crossposted from TriPUG discussion list, apologies for any duplicates).
I thought that this group could better answer this question, and so I ...
-------- Original Message --------
Subject: [TriPUG] [MySQL] seeking ssh tunnel advice, was: [MySQL]
securing remote access
Date: Fri, 11 Jan 2008 23:22:16 -0500
From: Tom Roche <Tom_Roche at pobox.com>
Reply-To: Tom_Roche at pobox.com, tripug at lists.tripug.org
To: TriPUG at lists.tripug.org
As previously mentioned, I'm setting up a private network as a testbed
for 2 boxes running MySQL (et al). They are currently (i.e.
pre-deployment) behind a Netgear WGR614v6 router (with latest
firmware) doing DHCP, port-forwarding, and DDNS. I currently have a
setup like (names changed hopefully for clarity):
                         box1
                        /
Roadrunner -- modem -- router
                        \
                         box2
(all connections cabled)
netgear.dyndns.org=DDNS name for the router
192.168.0.11=stable IP# for box 1, hostname=box1
192.168.0.12=stable IP# for box 2, hostname=box2
box1 has OS account=os1 and MySQL account=mysql1
box2 has OS account=os2 and MySQL account=mysql2
router forwards   22 -> 192.168.0.12:22
                3306 -> 192.168.0.12:3306 # to be deleted!
(note both forwards are to box2)
I believe both forwards work, because (from my laptop, outside the PN)
I can do
$ ssh os2@netgear.dyndns.org
os2@box2:~$ hostname
os2
(Note no password prompt: I have ssh-agent set up on the laptop.) By
contrast,
$ ssh os1@netgear.dyndns.org
gets "Permission denied", and I get a reasonable response from
$ mysqladmin -h netgear.dyndns.org -u mysql2 version
but an error from
$ mysqladmin -h netgear.dyndns.org -u mysql1 version
However I *do not* want to forward 3306: I want to tunnel it over ssh.
Based on my reading, ISTM I should be able to do
$ ssh -fNL 3306:192.168.0.12:3306 os2@netgear.dyndns.org &
$ mysqladmin -h netgear.dyndns.org -u mysql2 version
and get the happy response. I believed (note past tense) the ssh
invocation above was correct because
* 3306 is the MySQL default port, and I haven't changed that
* 192.168.0.12 is the IP# which netgear.dyndns.org assigns to box2
* I can ssh to os2@netgear.dyndns.org (see above)
However if in fact I utter
$ ssh -fNL 3306:192.168.0.12:3306 os2@netgear.dyndns.org &
$ mysqladmin -h netgear.dyndns.org -u mysql2 version
*in the same shell*, I get
> error: 'Can't connect to MySQL server on 'netgear.dyndns.org' (10061)'
> Check that mysqld is running on netgear.dyndns.org and that the port is 3306.
> You can check this by doing 'telnet netgear.dyndns.org 3306'
but if I turn on port-forwarding of 3306, and do
$ mysqladmin -h netgear.dyndns.org -u mysql2 version
*in the same shell*, I get the happy response. Therefore
$ ssh -fNL 3306:192.168.0.12:3306 os2@netgear.dyndns.org
must be uttered incorrectly ... no?
Am I missing something? If not, what do I need to do to make the ssh
tunnel work?
TIA, Tom Roche <Tom_Roche at pobox.com>
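
Added example, not part of the original message: a small parser for the OpenSSH -L argument used above, showing which end each field belongs to and which address a MySQL client has to use to go through the tunnel. With -L the listening port is opened on the machine running the ssh client (loopback only by default), so the client connects there rather than to the router's public name. The helper names parse_forward, client_command and open_tunnel are hypothetical, and only hostname/IPv4 specs are handled.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. IPv4/hostname specs only.
# OpenSSH -L takes [bind_address:]port:host:hostport
#   port           listens on the machine running the ssh client
#   host:hostport  is connected to from the ssh server's side (box2 here)

parse_forward() {
    # usage: parse_forward SPEC
    # prints "LISTEN_ADDR LISTEN_PORT DEST_HOST DEST_PORT"
    set -f; old_ifs=$IFS; IFS=:
    set -- $1
    IFS=$old_ifs; set +f
    case $# in
        3) echo "127.0.0.1 $1 $2 $3" ;;   # no bind_address: loopback by default
        4) echo "$1 $2 $3 $4" ;;          # explicit bind_address, kept as given
        *) echo "bad forward spec" >&2; return 1 ;;
    esac
}

client_command() {
    # usage: client_command SPEC MYSQL_USER
    # prints the mysqladmin line that actually goes through the tunnel
    fields=$(parse_forward "$1") || return 1
    read -r addr port dest_host dest_port <<EOF
$fields
EOF
    # Use the numeric loopback address so the client speaks TCP to the tunnel
    if [ "$addr" = localhost ]; then addr=127.0.0.1; fi
    echo "mysqladmin -h $addr -P $port -u $2 version"
}

open_tunnel() {
    # usage: open_tunnel SPEC LOGIN
    # -f already backgrounds ssh; ExitOnForwardFailure makes a failed bind fatal
    ssh -f -N -o ExitOnForwardFailure=yes -L "$1" "$2"
}

SPEC=3306:192.168.0.12:3306            # the -L argument from the post
parse_forward "$SPEC"
client_command "$SPEC" mysql2
# open_tunnel "$SPEC" os2@netgear.dyndns.org   # needs network access, so left commented
```

If something on the laptop already listens on 3306, use a different local port such as 3307:192.168.0.12:3306. On Unix clients "-h localhost" selects the socket file rather than TCP, which is why the helper emits 127.0.0.1.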