On Oct 20, 2008, at 5:21 PM, Jeremy Chadwick wrote:

On Mon, Oct 20, 2008 at 03:25:23PM -0400, John Almberg wrote:
On Sep 23, 2008, at 10:09 AM, Vincent Hoffman wrote:
John Almberg wrote:
I have two FreeBSD machines. One is a application server, the other a
database server running mysql. These machines are in two different
locations. I'd like to allow the application server to access mysql
through an SSH tunnel.

I'm somewhat amazed at the fact that everyone so far has gone completely
wild with SSH to solve this problem.

Has anyone made the OP aware that MySQL *does* in fact support SSL
natively, and that it can be used between client and server, as well as
between master and slave (for replication)?

The SSH tunnelling idea is fine if you want to access a MySQL server
behind a firewall or on a private network, but I'm a bit confused as to why everyone's going to great lengths to use SSH to accomplish something
MySQL has support for natively.

Please clue me in.  :-)

Hi Jeremy,

There are two PF firewalls in the mix, one at each end. The two machines are in different data centers. Actually, that is motivation behind this exercise. The client wants the database in his own data center, since it contains information he needs to have physical control over.

I do know that Mysql supports SSL... somehow this got discounted early in the discussion, perhaps mistakenly?

Anyway, the autossh option works perfectly, so I think I will stick with that unless there's a good reason not to. I have Monit running on the remote server, so I can probably monitor/restart autossh with that (with another few hours reading, of course :-)

-- John

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to