HPE Community
Operating System - HP-UX
1819909 Members
2744 Online
109607 Solutions
New Discussion юеВ

Re: openssh port forwarding with mysql

 
SOLVED
Go to solution
benoit Bruckert
Honored Contributor

тАО04-01-2003 08:02 AM

тАО04-01-2003 08:02 AM

openssh port forwarding with mysql

Hi,
My question isn't simple, and is not specific for HP-UX, network or security, it's more a mixture of all this !!
The goal :
Through a ssh client which is connecting to internet through a routeur (nat inside the routeur) and accessing a lan sshd server (through another nat + firewall), I would like that any workstation on the LAN can connect to a mysql database which is running on the ssh client host !!
And the ssh client connection isn't permanent !!!

I succeded from the ssh client to forward local port 3306 (mysql listener) to the 3306 of the sshd server.
ssh -C -R 3306:localhost:3306
(-g doesn't seems to work on remote forwarding).
From this server I can connect to mysqld through the tunnel, but only if I'm using the host 127.0.0.1 :
i.e. mysql -h 127.0.0.1
THe tcp 3306 port on the sshd server isn't listening on the others interface.
First question :
Is there a tool to open to all interfaces a listener port ?

Second step,
I try another ssh tunnel from the sshd server to itself, with local port forwarding this time :
ssh -L3307::3306 127.0.0.1 -g
which doesn't make any error, and a new port (3307) is listening.
The trouble :
when I connect from a lan workstation to the sshd server through mysql client, on port 3307, I have this error :
ERROR 2013: Lost connection to MySQL server during query
I think that the first step worked (sent signal, but not the answer !!!).
ANd on the sshd server this message (from sshd :
channel 2: open failed : connect failed : Connection refused)

Any idea ??
I try to install also an sshd on the other side (mysql server) which is working good (local forwarding this time) if I don't use a router but a direct connection to the ISP (on the mysql server side). But this solution isn't the one I prefer (changing Ip address of the mysql server !!!)

If any body could give an advice on the way to solve it ?
regards
Benoit
Une application mal pans├йe aboutit ├а une usine ├а gaze (GHG)
0 Kudos
Reply
5 REPLIES 5
Jordan Bean
Honored Contributor

тАО04-01-2003 09:53 AM

тАО04-01-2003 09:53 AM

Re: openssh port forwarding with mysql


So -g is required and it only works with -L. This means the database host cannot be the ssh client.

Let's switch who is local and remote. The clients are in the local network. The database is in the remote network. So from a client host, this ssh command should work:

ssh -nfgNCL 3306:db_host:3306 sshd_host

You say this connection is only temporary. Do you mean it should only be available during business hours? And it may only be established by you at the remote site?

Let me think about this...
0 Kudos
Reply
benoit Bruckert
Honored Contributor

тАО04-02-2003 12:37 AM

тАО04-02-2003 12:37 AM

Re: openssh port forwarding with mysql

Well, I tried this (sshd server on the same host as mysql database), with the -g...
The listener is working well, but I have the channel2 error !!!
But I would rather create a second tunnel with sshd on the lan and a

Yes remote sites are connecting to the central site, and at this step, a process on a central site is connecting to mysql database on remote to get datas. Lines are not permanent, remote sites are connecting just 1 or 2 times everyday. And they are the manager of their own databases (updates are mostly on remote).
Public ip are changing every days on remotes, that's why I would rather find a solution (like the tunnel of the sshd on itself ) where the remote is the ssh client.

The other way would be a full vpn, but licence cost ! and the remotes routers cannot support ipsec !

What I would like to know is the channel 2 error , which is linked to ssh ??
If you have any idea to investigate (a tool, a debug option ???)
sshd -d -d -d didn't gave more explanation, no more ssh -v...

regards
Benoit
Une application mal pans├йe aboutit ├а une usine ├а gaze (GHG)
0 Kudos
Reply
benoit Bruckert
Honored Contributor

тАО04-02-2003 03:52 AM

тАО04-02-2003 03:52 AM

Re: openssh port forwarding with mysql

After more tests, I found the solution :
upgrade to openssh v3.6.1p1.
I used previously a sshd server :
3.5p1.
The fact to change the version made the loop working well , or maybe the fact to use loopback address ?? Or the fact to start from 0 with this new sshd !!!!!
command to open the 3307 or any other to the world :
ssh -L3307:127.0.0.1:3306 127.0.0.1 -g !!!! with the remote already connected to this server !!!
And it works like a charm.
From any workstation on the lan I can get the datas, and it works fast :
about 30s to generate a 1.3MB file from mysql datas !! on a 64Kbit/s line..

thanks for your help !
Benoit
Une application mal pans├йe aboutit ├а une usine ├а gaze (GHG)
0 Kudos
Reply
benoit Bruckert
Honored Contributor

тАО04-02-2003 03:56 AM

тАО04-02-2003 03:56 AM

Re: openssh port forwarding with mysql

Jordan,
Can you post something in order to attribute a bunny , because the solution is in this thread, and it would be good to find it in the search engine !!!

regards
Benoit
____________
Amour, amour, quand tu nous tiens, on peut bien dire : "Adieu, prudence !" Jean De La Fontaine
Une application mal pans├йe aboutit ├а une usine ├а gaze (GHG)
0 Kudos
Reply
Jordan Bean
Honored Contributor

тАО04-02-2003 02:28 PM

тАО04-02-2003 02:28 PM

Solution

Re: openssh port forwarding with mysql

Hi Benoit. I glad you got it working! I'm not exactly sure how my remarks helped, but I'm happy to contribute even a little bit.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.