By the way, this same host offers ssh access to the server.

Then you can probably access your db by using ssh port forwarding.

In the worst case, you can install phpMyAdmin, etc.

They have phpmyadmin, I just like to use an external db client.

It's VERY fast, and has a built in account manager so I can connect to any of 50+ dbs for different clients at the click of a mouse...

It can export/import/run queries... etc.

Are you saying I can set up my db client to use ssh and connect that way?

It makes sense not to open database ports.

Am I wrong in thinking that most hosts allow this?

If you have a dedicated firewall it is normal as you can set an administrative IP address to allow limited access to the db.

Are you saying I can set up my db client to use ssh and connect that way?

You use an ssh client that provides tunneling. This will create a port on your local computer that tunnels-through to your host. You then point your db client to the port on your local computer. The db client is none the wiser.

Providing your host has not disabled ssh tunneling, you can forward traffic from your PC to ANY port on the host.

This really is the most secure way to go - put all your eggs in one basket (SSH) and then watch the basket! Have any administrative servers on your host bind only to localhost, and then access them through a tunnel.

You can also do this for administrative sections of your website. Only accept connections from localhost, then use port forwarding. Of course, you could use SSL for this as well, but if you don't have an ecommerce site, you may have no other need for SSL, so why unnecessarily complicate things?

I will look into this. For the moment it's a bit over my head (I hate when that happens). I can see how understanding this will come in handy many places.