On Thu, Mar 08, 2001 at 03:51:55PM -0600, Thomas T. Veldhouse wrote:
>I may miss what you are doing (I use the SSH2 client from ssh.com).
>
>But I think you want:
>
>ssh -L 13306:hermes.sistina.com:3306 bender.sistina.com
>mysql -h hermes.sistina.com -P 13306 -u$USERNAME --p$PASSWORD

I did this exactly as above and still get ERROR 2203: Coan't connect to MySQL
server on 'hermes.sistina.com' (111)

Also when I do it this way with (for example) ftp ports I can't connect at
all. I am pretty sure the first part is
localport:remotehost:remoteport

>
>Is there any reason you can't just use 3306 on hermes as well?  So ...
>
>ssh -L 3306:hermes.sistina.com:3306 bender.sistina.com
>mysql -h hermes.sistina.com -u$USERNAME --p$PASSWORD
>
>
>Tom Veldhouse
>veldy at veldy.net
>
>----- Original Message -----
>From: "Ben Lutgens" <blutgens at sistina.com>
>To: <tclug-list at mn-linux.org>
>Sent: Thursday, March 08, 2001 3:00 PM
>Subject: [TCLUG] tuneling mysql though ssh
>
>Hi all, we wanna secure the way our webserver talks to our database. We'd
>like
>for all mysql work to be done though an ssh tunnel. I found very little
>documentaion on this save a few mailing list posts. Essentially here's what
>I
>am doing.
>
>1.)in one terminal from hermes.sistina.com
>ssh -L 13306:bender.sistina.com:3306 bender.sistina.com sleep 20
>
>2.) then from a nother shell on the same machine
>mysql -h hermes.sistina.com -P 13306 -u$USERNAME --p$PASSWORD
>
>I have tried the tunnel with ftp, telnet, and I get my mail from my imap
>server this way with fetchmail but for some reason I get
>ERROR 2003: Can't connect to mysql server on 'hermes' (111)
>
>It's my understanding that with the ssh command above anything trying to
>connect to port 13306 on the local machine is tranparently pushed though the
>tunnel to the port on the other end (in this case 3306 the default mysql
>port)
>
>When I do this with ftp, I can connect, login and all is well. But I get
>illegal port command errors. My research has told me that wu-ftpd don't like
>when you tunnel to it.
>
>Has anyone done this before? Is there a better way to secure database
>transactions?
>
>
>_______________________________________________
>tclug-list mailing list
>tclug-list at mn-linux.org
>https://mailman.mn-linux.org/mailman/listinfo/tclug-list

-- 
Ben Lutgens		cell: 612.670.4789
Sistina Software Inc.	worl: 612.379.3951
Code Monkey Support (A.K.A. System Administrator)

"It's hard to believe that's the same frail woman who once sprained her wrist
from having too much dip on a cracker!" -- Frazier Crane
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20010308/a84519bc/attachment.pgp