topic Re: openssh port forwarding with mysql in Operating System - HP-UX

openssh port forwarding with mysql

benoit Bruckert — Tue, 01 Apr 2003 16:02:26 GMT

Hi,
My question isn't simple, and is not specific for HP-UX, network or security, it's more a mixture of all this !!
The goal :
Through a ssh client which is connecting to internet through a routeur (nat inside the routeur) and accessing a lan sshd server (through another nat + firewall), I would like that any workstation on the LAN can connect to a mysql database which is running on the ssh client host !!
And the ssh client connection isn't permanent !!!

I succeded from the ssh client to forward local port 3306 (mysql listener) to the 3306 of the sshd server.
ssh -C -R 3306:localhost:3306
(-g doesn't seems to work on remote forwarding).
From this server I can connect to mysqld through the tunnel, but only if I'm using the host 127.0.0.1 :
i.e. mysql -h 127.0.0.1
THe tcp 3306 port on the sshd server isn't listening on the others interface.
First question :
Is there a tool to open to all interfaces a listener port ?

Second step,
I try another ssh tunnel from the sshd server to itself, with local port forwarding this time :
ssh -L3307::3306 127.0.0.1 -g
which doesn't make any error, and a new port (3307) is listening.
The trouble :
when I connect from a lan workstation to the sshd server through mysql client, on port 3307, I have this error :
ERROR 2013: Lost connection to MySQL server during query
I think that the first step worked (sent signal, but not the answer !!!).
ANd on the sshd server this message (from sshd :
channel 2: open failed : connect failed : Connection refused)

Any idea ??
I try to install also an sshd on the other side (mysql server) which is working good (local forwarding this time) if I don't use a router but a direct connection to the ISP (on the mysql server side). But this solution isn't the one I prefer (changing Ip address of the mysql server !!!)

If any body could give an advice on the way to solve it ?
regards
Benoit

Re: openssh port forwarding with mysql

Jordan Bean — Tue, 01 Apr 2003 17:53:12 GMT

So -g is required and it only works with -L. This means the database host cannot be the ssh client.

Let's switch who is local and remote. The clients are in the local network. The database is in the remote network. So from a client host, this ssh command should work:

ssh -nfgNCL 3306:db_host:3306 sshd_host

You say this connection is only temporary. Do you mean it should only be available during business hours? And it may only be established by you at the remote site?

Let me think about this...

Re: openssh port forwarding with mysql

benoit Bruckert — Wed, 02 Apr 2003 08:37:00 GMT

Well, I tried this (sshd server on the same host as mysql database), with the -g...
The listener is working well, but I have the channel2 error !!!
But I would rather create a second tunnel with sshd on the lan and a

Yes remote sites are connecting to the central site, and at this step, a process on a central site is connecting to mysql database on remote to get datas. Lines are not permanent, remote sites are connecting just 1 or 2 times everyday. And they are the manager of their own databases (updates are mostly on remote).
Public ip are changing every days on remotes, that's why I would rather find a solution (like the tunnel of the sshd on itself ) where the remote is the ssh client.

The other way would be a full vpn, but licence cost ! and the remotes routers cannot support ipsec !

What I would like to know is the channel 2 error , which is linked to ssh ??
If you have any idea to investigate (a tool, a debug option ???)
sshd -d -d -d didn't gave more explanation, no more ssh -v...

regards
Benoit

Re: openssh port forwarding with mysql

benoit Bruckert — Wed, 02 Apr 2003 11:52:16 GMT

After more tests, I found the solution :
upgrade to openssh v3.6.1p1.
I used previously a sshd server :
3.5p1.
The fact to change the version made the loop working well , or maybe the fact to use loopback address ?? Or the fact to start from 0 with this new sshd !!!!!
command to open the 3307 or any other to the world :
ssh -L3307:127.0.0.1:3306 127.0.0.1 -g !!!! with the remote already connected to this server !!!
And it works like a charm.
From any workstation on the lan I can get the datas, and it works fast :
about 30s to generate a 1.3MB file from mysql datas !! on a 64Kbit/s line..

thanks for your help !
Benoit

Re: openssh port forwarding with mysql

benoit Bruckert — Wed, 02 Apr 2003 11:56:52 GMT

Jordan,
Can you post something in order to attribute a bunny , because the solution is in this thread, and it would be good to find it in the search engine !!!

regards
Benoit
____________
Amour, amour, quand tu nous tiens, on peut bien dire : "Adieu, prudence !" Jean De La Fontaine

Re: openssh port forwarding with mysql

Jordan Bean — Wed, 02 Apr 2003 22:28:36 GMT

Hi Benoit. I glad you got it working! I'm not exactly sure how my remarks helped, but I'm happy to contribute even a little bit.