After a few hours of work today, I have all this working
using autossh to automatically create and monitor the ssh tunnel,
can make mysql connections through the tunnel with no problems.
And that's through PF firewalls on both machines, which added
the exercise ;-)
One question... and maybe this is a general, philosophical
If autossh watches over my ssh tunnel, who or what watches over
As a related question, how can I make autossh start automatically
a reboot? At the moment, I start autossh from the command line,
autossh -M 20000 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]
There doesn't seem to be an rc.d file for autossh... Do I have to
out how to make one?
You can do this all by not using autossh at all: let init watch and
re-establish your ssh tunnel:
This is in my /etc/ttys (wrapped for readability):
ttyv8 "/usr/bin/ssh -l syslogng -nNTx -R 3306:local.domain.tld:3306
remote.domain.tld >/dev/null 2>&1" unknown on
I let my central machine control the tunnel, not the sending one.
H'mmm... This is new territory for me. I've just read some of the man
pages and a few pages in Absolute BSD, and I guess I sort of
understand what this does. I'm trying to grasp the connection between
virtual terminals and this SSH tunnel...
I guess my main question is, if I start the tunnel with this method,
will I be able to access mysql in 'the usual way'? The following
works with my autossh tunnel:
mysql -h127.0.0.1 -P33006 -uuser -ppassword db
So, if using the /etc/ttys file is equivalent, and I make the
connection on the database server, rather than the client server,
then I guess my ttys file should look like this (my ttyv8 is already
used... I am guessing I should use the next one down):
ttyv7 "/usr/bin/ssh -l admin -nNTx -R 3306:127.0.0.1:33006
example.com >/dev/null 2>&1" unknown on
Where 'admin' is the user I am logging into on the remote machine,
and 'example.com' is the hostname of the remote machine. I guess
equivalent to the following?
ttyv7 "/usr/bin/ssh -nNTx -R 3306:127.0.0.1:33006 [EMAIL PROTECTED]
>/dev/null 2>&1" unknown on
Port 33006 is not a typo. There are databases running on both
machines, so I need to use a different port for the tunnel.
And as far as I can tell, I reload /etc/ttys with 'kill -1 1'.
This looks dangerous...
Websites and Marketing for On-line Collectible Dealers
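
Added example (not part of the original thread): a small POSIX shell helper that reads an OpenSSH forward written the way the thread's `-L` and `-R` commands are and reports which end listens, on which address, and where the connection is delivered. `describe_forward` is a hypothetical name; "client" means the machine running ssh, "server" the machine running sshd, and the loopback defaults assume stock GatewayPorts settings.

```shell
#!/bin/sh
# Added example, not from the thread. describe_forward is a hypothetical helper.
# usage: describe_forward L|R SPEC [g]
#   SPEC = [bind_address:]port:host:hostport
#   (IPv6 literals and empty bind addresses are not handled)
#   third argument "g" = ssh was started with -g (only affects -L)
describe_forward() {
    kind=$1 spec=$2 gw=${3:-}
    # Split SPEC on ':' without letting the shell glob a '*' bind address.
    old_ifs=$IFS; IFS=:; set -f
    set -- $spec
    set +f; IFS=$old_ifs
    case $# in
        3) bind=;   lport=$1; host=$2; hport=$3 ;;
        4) bind=$1; lport=$2; host=$3; hport=$4 ;;
        *) echo "bad spec: $spec" >&2; return 1 ;;
    esac
    case $kind in
        L)  # -L: the ssh client opens the listener; sshd makes the onward connection
            side=client; far=server
            if [ -z "$bind" ]; then
                # Without -g the listener is loopback-only; with -g it is on all interfaces
                if [ "$gw" = g ]; then bind='*'; else bind=127.0.0.1; fi
            fi ;;
        R)  # -R: sshd opens the listener; the ssh client makes the onward connection
            side=server; far=client
            # Assumption: sshd has default GatewayPorts, so the listener is loopback-only
            if [ -z "$bind" ]; then bind=127.0.0.1; fi ;;
        *) echo "kind must be L or R" >&2; return 1 ;;
    esac
    echo "listen=$side:$bind:$lport connect-from=$far to=$host:$hport"
}

# The forwards quoted in the thread:
describe_forward L 33006:127.0.0.1:3306 g       # autossh ... -fNg -L ...
describe_forward R 3306:local.domain.tld:3306   # first /etc/ttys entry
describe_forward R 3306:127.0.0.1:33006         # proposed ttyv7 entry
```

A `*` in the listen field means the forwarded MySQL port accepts connections from any host that can reach that machine, so the packet filter is the only remaining restriction on who can use the tunnel.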