I may miss what you are doing (I use the SSH2 client from ssh.com). But I think you want:

    ssh -L 13306:hermes.sistina.com:3306 bender.sistina.com
    mysql -h hermes.sistina.com -P 13306 -u$USERNAME -p$PASSWORD

Is there any reason you can't just use 3306 on hermes as well? So ...

    ssh -L 3306:hermes.sistina.com:3306 bender.sistina.com
    mysql -h hermes.sistina.com -u$USERNAME -p$PASSWORD

Tom Veldhouse
veldy at veldy.net

----- Original Message -----
From: "Ben Lutgens" <blutgens at sistina.com>
To: <tclug-list at mn-linux.org>
Sent: Thursday, March 08, 2001 3:00 PM
Subject: [TCLUG] tuneling mysql though ssh

Hi all, we wanna secure the way our webserver talks to our database. We'd like for all mysql work to be done through an ssh tunnel. I found very little documentation on this save a few mailing list posts. Essentially here's what I am doing.

1.) In one terminal from hermes.sistina.com

    ssh -L 13306:bender.sistina.com:3306 bender.sistina.com sleep 20

2.) Then from another shell on the same machine

    mysql -h hermes.sistina.com -P 13306 -u$USERNAME -p$PASSWORD

I have tried the tunnel with ftp, telnet, and I get my mail from my imap server this way with fetchmail, but for some reason I get

    ERROR 2003: Can't connect to mysql server on 'hermes' (111)

It's my understanding that with the ssh command above anything trying to connect to port 13306 on the local machine is transparently pushed through the tunnel to the port on the other end (in this case 3306, the default mysql port).

When I do this with ftp, I can connect, login and all is well. But I get illegal port command errors. My research has told me that wu-ftpd doesn't like when you tunnel to it.

Has anyone done this before? Is there a better way to secure database transactions?
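Added example, not part of either message above: the (111) in the quoted ERROR 2003 is errno ECONNREFUSED, and OpenSSH binds a -L listener to the loopback address only, unless a bind address or GatewayPorts says otherwise. The Python sketch below binds a listener the same way and probes it on two addresses. Assumptions: the function names are illustrative, and 127.0.0.2 stands in for "an address of this machine other than the one bound", which relies on Linux answering for all of 127.0.0.0/8.

```python
import errno
import socket

REFUSED = errno.ECONNREFUSED  # 111 on Linux, the number shown in ERROR 2003


def listen_loopback():
    """Bind a TCP listener to 127.0.0.1 only, as a default ssh -L forward does."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    srv.listen(5)
    return srv, srv.getsockname()[1]


def probe(addr, port, timeout=2.0):
    """Try a TCP connect; return 0 on success, otherwise the errno."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        return s.connect_ex((addr, port))
    finally:
        s.close()


def demo():
    """Probe the listener on the bound address and on a different local address."""
    srv, port = listen_loopback()
    try:
        return {
            "bound": probe("127.0.0.1", port),  # the address the listener owns
            "other": probe("127.0.0.2", port),  # assumed stand-in, see lead-in
        }
    finally:
        srv.close()


if __name__ == "__main__":
    for name, err in demo().items():
        status = "connected" if err == 0 else errno.errorcode.get(err, str(err))
        print(name, status)
```

The loopback-only bind keeps other hosts from reaching the forwarded port, so the client should be pointed at 127.0.0.1 and the forwarded port. With the mysql client, use -h 127.0.0.1 rather than -h localhost, since "localhost" makes it use the local Unix socket instead of TCP.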