Re: mysql connection through ssl tunnel
- From: John Almberg <jalmberg@xxxxxxxxxxx>
- Date: Mon, 20 Oct 2008 17:16:45 -0400
On Oct 20, 2008, at 4:50 PM, John Almberg wrote:
After a few hours of work today, I have all this working perfectly. I'm
using autossh to automatically create and monitor the ssh tunnel, and I
can make mysql connections through the tunnel with no problems. Very cool.
And that's through PF firewalls on both machines, which added flavor to
the exercise ;-)
One question... and maybe this is a general, philosophical question...
If autossh watches over my ssh tunnel, who or what watches over autossh?
As a related question, how can I make autossh start automatically after
a reboot? At the moment, I start autossh from the command line, like so:
autossh -M 20000 -fNg -L 33006:127.0.0.1:3306 admin@xxxxxxxxxxxxxxx
There doesn't seem to be an rc.d file for autossh... Do I have to figure
out how to make one?
You can do this all by not using autossh at all: let init watch and
re-establish your ssh tunnel:
This is in my /etc/ttys (wrapped for readability):
ttyv8 "/usr/bin/ssh -l syslogng -nNTx -R 3306:local.domain.tld:3306
remote.domain.tld >/dev/null 2>&1" unknown on
I let my central machine control the tunnel, not the sending one.
H'mmm... This is new territory for me. I've just read some of the man pages and a few pages in Absolute BSD, and I guess I sort of understand what this does. I'm trying to grasp the connection between virtual terminals and this SSH tunnel...
I guess my main question is, if I start the tunnel with this method, will I be able to access mysql in 'the usual way'? The following works with my autossh tunnel:
mysql -h127.0.0.1 -P33006 -uuser -ppassword db
So, if using the /etc/ttys file is equivalent, and I make the connection on the database server, rather than the client server, then I guess my ttys file should look like this (my ttyv8 is already used... I am guessing I should use the next one down):
ttyv7 "/usr/bin/ssh -l admin -nNTx -R 3306:127.0.0.1:33006 example.com >/dev/null 2>&1" unknown on
Where 'admin' is the user I am logging into on the remote machine, and 'example.com' is the hostname of the remote machine. I guess equivalent to the following?
ttyv7 "/usr/bin/ssh -nNTx -R 3306:127.0.0.1:33006 admin@xxxxxxxxxxx >/dev/null 2>&1" unknown on
Port 33006 is not a typo. There are databases running on both machines, so I need to use a different port for the tunnel.
And as far as I can tell, I reload /etc/ttys with 'kill -1 1'.
This looks dangerous...
-- John
I tried this, and not surprisingly, it didn't work. Now I'm trying to debug it...
Question... if I want to ssh from the database server to the application server (in the direction shown by -R), I need to use port 48444 (not the actual port, but something high). In other words, I need to do something like:
ssh admin@xxxxxxxxxxx -p 48444
Does this ssh port have anything to do with trying to start this ssh tunnel? In other words, do I need to add a '-p 48420' to the ttyv7 command?
-- John
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
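Added example, not part of the original message: a small POSIX shell function that decodes the -L and -R forwarding specs quoted in this thread into which side listens and which side makes the onward connection. The function names and the output format are made up for this illustration; "client" means the machine where ssh is run and "server" the machine it logs in to.

```shell
#!/bin/sh
# Added example: decode an OpenSSH -L / -R forwarding spec.
# "client" = machine where ssh is run; "server" = machine ssh logs in to.
# Accepts port:host:hostport and bind_address:port:host:hostport
# (bracketed IPv6 addresses are not handled).

is_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# describe_forward FLAG SPEC
# Prints "listen=<side>:<bind>:<port> target=<side>:<host>:<port>",
# where the target host is resolved and reached from the named side.
# Runs in a subshell so the IFS and noglob changes stay local.
describe_forward() (
    flag=$1
    spec=$2
    case $spec in
        *:) echo "bad spec: $spec" >&2; exit 1 ;;
    esac
    set -f          # a bind address of "*" must not be glob-expanded
    IFS=:
    set -- $spec
    case $# in
        3) bind=default; lport=$1; host=$2; hport=$3 ;;
        4) bind=${1:-default}; lport=$2; host=$3; hport=$4 ;;
        *) echo "bad spec: $spec" >&2; exit 1 ;;
    esac
    if [ -z "$host" ] || ! is_port "$lport" || ! is_port "$hport"; then
        echo "bad host or port in: $spec" >&2; exit 1
    fi
    case $flag in
        -L) echo "listen=client:$bind:$lport target=server:$host:$hport" ;;
        -R) echo "listen=server:$bind:$lport target=client:$host:$hport" ;;
        *)  echo "unknown flag: $flag" >&2; exit 1 ;;
    esac
)

# The three specs that appear in the thread.
describe_forward -L 33006:127.0.0.1:3306        # the autossh tunnel
describe_forward -R 3306:local.domain.tld:3306  # the /etc/ttys example
describe_forward -R 3306:127.0.0.1:33006        # the proposed ttyv7 entry
```

With -R the first port is opened on the machine ssh logs in to, so the spec that mirrors the -L tunnel when started from the database server is 33006:127.0.0.1:3306. The -p option is separate from both ports in the spec: it selects the port of the sshd that ssh connects to.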