Re: how to open ssh tunnel port ?
On Wed, 27 Jun 2012 15:56:01 +0100 Laurence Hurst l.a.hu...@lboro.ac.uk wrote: [...] ssh -L 192.168.0.1:3360:localhost:3306 A where '192.168.0.1' is the ip address you want to bind to (i.e. the ip address of eth0, or whichever interface you want to use). The same method applies if you are using -R to create the tunnel the other way - again read the manual page, it's there to help you! [.] Thanks -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120628140921.4b3ff...@shiva.selfip.org
how to open ssh tunnel port ?
Dear list, I have made a successful ssh tunnel between two pcs A and B. A is running mysql and B have the tunnel with A , so that B can access that remote mysql with its local port 3360. Everything is fine.. But B is bind the port with localhost only, hence no one can access B's 3360 port. How can B open the port so that others can also use the 3360 port on B which is actually tunneled with A ? A running mysql --tunnel-B localhost:3360 but c can't see 3360 on B Thanks -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120627200730.7892e...@shiva.selfip.org
Re: how to open ssh tunnel port ?
On Wed, Jun 27, 2012 at 03:37:30PM +0100, J. Bakshi wrote: Dear list, I have made a successful ssh tunnel between two pcs A and B. A is running mysql and B have the tunnel with A , so that B can access that remote mysql with its local port 3360. Everything is fine.. But B is bind the port with localhost only, hence no one can access B's 3360 port. How can B open the port so that others can also use the 3360 port on B which is actually tunneled with A ? A running mysql --tunnel-B localhost:3360 but c can't see 3360 on B From the ssh man page: -L [bind_address:]port:host:hostport or alternatively: use the -g option.. But... It sounds like you're using this to bypass a firewall somewhere? If so, beware: MySQL traffic is NOT encrypted so any usernames/passwords sent to mysql are easily exposed. And there's bound to be security vulnerabilities in the MySQL protocol too - it is not designed to be hardened. Also: As far as MySQL is concerned, the connection will appear to come from B - mysql will never see the true source of connections. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120627145115.GB20713@hawking
Re: how to open ssh tunnel port ?
On 27/06/2012 15:37, J. Bakshi wrote: Dear list, I have made a successful ssh tunnel between two pcs A and B. A is running mysql and B have the tunnel with A , so that B can access that remote mysql with its local port 3360. Everything is fine.. But B is bind the port with localhost only, hence no one can access B's 3360 port. How can B open the port so that others can also use the 3360 port on B which is actually tunneled with A ? A running mysql --tunnel-B localhost:3360 butc can't see 3360 onB Thanks Hi, Your current ssh command (assuming you are connection from B to A) presumably looks something like: ssh -L 3360:localhost:3306 A According to the ssh man page (try running man ssh and read the bit about the '-L' argument), you can specify the bind address as part of that argument. Basically you should end up with something like this: ssh -L 192.168.0.1:3360:localhost:3306 A where '192.168.0.1' is the ip address you want to bind to (i.e. the ip address of eth0, or whichever interface you want to use). The same method applies if you are using -R to create the tunnel the other way - again read the manual page, it's there to help you! I would think carefully about whether you really want to do this, as you will be exposing the mysql server to anyone who can connect to machine B on port 3360. Security is one of the main motivators for binding only to localhost by default (by both mysql and ssh). Regards, Laurence -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4feb1f01.5090...@lboro.ac.uk