Goal: Connect to MySQL server securely using SSH.
Instead of opening a port to connect directly, an SSH tunnel is created first, and it carries all communication between my laptop and the remote server securely.
I have this setup:
- Windows 7.
- SQLyog Community edition (version 8.18, I really like this version)
- SSH enabled
- MySQL server listening on localhost, on the traditional port 3306.
Alternative, insecure method:
- Bind MySQL to listen on every network interface.
- Allow the user to connect from any IP (% wildcard).
- More details can be found here for example.
A better approach: using the SSH tunnel. What’s missing? Following the instructions from this blog entry, I set it up pretty much without problems. The only difference is that I use Git for Windows as my environment to create the tunnel and SQLyog as my tool.
Since I already have a local MySQL service running on my laptop, instead of having the local end of the tunnel listen on the traditional 3306, I will have it listen on 3307. It also makes the example a little bit clearer.
In Git Bash, type:
ssh -L 3307:localhost:3306 username@remoteserver.com
Where username is the name of the account at the remote server, and remoteserver.com should be replaced by either the IP or the name of your remote host. The only caveat is that even if you add -N, as somebody pointed out in the comments from the link provided, in Git Bash it seems that the process won’t run in the background; thus, if you close your window, the connection will be lost. In my case, I am fine with another window running the process.
After you have successfully logged in to your remote host, open SQLyog and create a connection, something like:
Behind the scenes, this is what’s happening:
- Your SQLyog connects to localhost on port 3307.
- The ssh connection (bound to port 3307 locally) forwards that to the remote server (no more plaintext going through the Internet).
- The ssh service at the remote server creates a local connection to the MySQL service. This is done transparently; there is no need to configure anything for the ssh service or the MySQL service.
That’s it! Your connection is now secure, and you have some extra benefits:
- You can bind your MySQL service to localhost; there is no need to open the service to listen on all IP addresses.
- You don’t have to add any other users to your MySQL server. Use the ones that are created for localhost; you can even use your root user to do some management tasks.
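To confirm that the tunnel end on the laptop and the MySQL service on the server are both reachable only through localhost, the following added example (not part of the original post) classifies the listeners reported by netstat. The helper name listener_scope, the sample netstat lines, port 3308 and the Linux remote server are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. listener_scope is a hypothetical helper, not part of ssh or SQLyog.
# Usage on a real machine:  netstat -an | listener_scope 3307
# Prints "loopback", "exposed" (other hosts can reach the port) or "none".
listener_scope() {
  awk -v port="$1" '
    /LISTEN/ {                       # matches LISTEN (Linux) and LISTENING (Windows)
      for (i = 1; i <= NF; i++) {
        n = length($i) - length(port)
        if (n < 2 || substr($i, n) != ":" port) continue   # field is not ADDR:PORT
        addr = substr($i, 1, n - 1)
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") lo = 1
        else wide = 1
        break                        # first match is the local-address column
      }
    }
    END { print (wide ? "exposed" : (lo ? "loopback" : "none")) }
  '
}

# Constructed sample: Windows `netstat -an` on the laptop. Port 3307 is the tunnel
# from the post; 3308 stands for a forward started with `ssh -g`, which binds to
# all interfaces and lets other machines on the LAN use the tunnel.
sample_laptop() {
  cat <<'EOF'
  TCP    127.0.0.1:3307         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3308           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49213        127.0.0.1:3307         ESTABLISHED
EOF
}

# Constructed sample: Linux `netstat -ltn` on the remote server (assumed to be
# Linux), with MySQL bound to localhost and only sshd reachable from outside.
sample_server() {
  cat <<'EOF'
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
EOF
}

echo "laptop 3307: $(sample_laptop | listener_scope 3307)"
echo "laptop 3308: $(sample_laptop | listener_scope 3308)"
echo "server 3306: $(sample_server | listener_scope 3306)"
echo "server 22:   $(sample_server | listener_scope 22)"
```

A result of "exposed" for 3307 on the laptop or for 3306 on the server means the port accepts connections from other machines, which defeats the purpose of the tunnel.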
This video shows how to do it using PuTTY and MySQL Query Browser: http://www.youtube.com/watch?v=kJqTLCXPzg4
Post Info: This entry was posted on Sunday, October 16th, 2011 and is filed under MySQL, Windows.