John Almberg wrote: > I have two FreeBSD machines. One is a application server, the other a > database server running mysql. These machines are in two different > locations. I'd like to allow the application server to access mysql > through an SSH tunnel. > > Being a newbie admin, I've never set up an SSH tunnel. I've been > reading about them all morning and (as always) there seems to be more > than one way to skin this cat. > > I'm looking for ease of set up and maintenance, as well as security > (which I assume is a given.) I'd prefer NOT to have to recompile the > kernels (pure cowardice... the application server is a production > server that I don't want to experiment with.) Both servers have OpenSSL. > > Any recommendations, much appreciated. > > Thanks: John >
A very basic ssh tunnel is a simple as ssh -L3306:127.0.0.1:3306 [EMAIL PROTECTED] This will forward any connections to localhost on port 3306 through the ssh connection to remote.host then on to localhost at that end on port 3306. if you have mysql running on the app server as well then change -L3306:127.0.0.1:3306 to -L33006:127.0.0.1:3306 where 33006 is an unused tcp port on the application server. If you do use an ssh tunnel you may want to use security/autossh which will monitor the tunnel and re-establish it if it loses connection for some reason. You could also look at using stunnel to use a ssl tunnel rather than an ssh tunnel (see http://www.stunnel.org/examples/mysql.html for a basic example) I havent used this on FreeBSD (never needed it) so the port may install an easier way of setting up persistant tunnels. Vince > > _______________________________________________ > firstname.lastname@example.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"