ssh -N -f -L 3306:myhost.com:3306 myhost.com
returns an error message about "channel_setup_fwd_listener: cannot listen to port, address already in use"
hmmm. unfortunately i am unable to limit connections to port 3306 to just my own IP as i am assigned a dynamic one by my provider.
does anyone have any other solutions to keep security high whilst allowing use of the sqlyog sync tool?
can i assign mysql a different port number just for the tunnel? normally i don't need port 3306 to be open, just for the syncing.
many thanks :)
As a separate matter, you could always just forward some other local port. Maybe pick 3307 if nothing else is listening there.
Combining the two ideas, you'd connect something like this:
me@home:~$ ssh -N -f -L 3307:localhost:3306 myhost.com
me@home:~$ mysql -P 3307 database
i am trying what you suggest, but am having no success.
i am not sure what you mean by
I'd probably set up MySQL on the server to just listen on 127.0.0.1:3306, and possibly enforce that prohibition with iptables. That way, a port scan wouldn't even show 3306 as open.
i have two machines, one at home and one remote. i presume you refer to the remote server, but how would i do that? i have been reading the mysql manual today and although haven't gone too deeply into it, couldn't i set that up in my.cnf? or would i have to recompile. (yikes)
i have tried every kind of combination of ports and hosts but my ssh tunnel either hangs or it asks for the password and i am thrown straight back out again to my home shell? (even with correct password).
i have succeeded using putty on my win2k box, using ports 3307 local and 3306 remote, but on my redhat box it won't work.
am at my wits end...
recompiling... daisho - i am on redhat and have installed everything from rpm - the thought of uninstalling and then recompiling from source brings me out in a cold sweat ;-)
i configured mysql on my remote server to only listen on 127.0.0.1 (not nearly as tricky as i thought ;) but that of course prevents any connections from my home server to the remote server via any port.
so for the time being i have configured mysql to listen on another completely unrelated port, not 3306. this should stop any casual snoopers. i have just been looking at the static IP services claus mentioned - DynDNS - this would enable me to limit access to this mysql port from my box only (normally i have a dynamic IP). it seems to be the best work around.
i configured mysql on my remote server to only listen on 127.0.0.1 (not nearly as tricky as i thought) but that of course prevents any connections from my home server to the remote server via any port.
That's surmountable with the SSH tunnel. 'ssh -f -N -L 3306:myhost.com:3306 myhost.com' won't work, but 'ssh -f -N -L 3306:127.0.0.1:3306 myhost.com' will. The difference is that the host specification between the port numbers is interpreted by the remote machine, in this case 'myhost.com'. It's subtle, but it works.
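An added example, not part of the thread or any poster's code: a shell check that classifies an `ssh -L` forward spec against the two failures seen above, a local port that is already taken and a destination host that the remote side resolves to a non-loopback address. The function names (`parse_forward`, `check_forward`, `listening_ports`) are hypothetical, and it assumes the remote mysqld is bound to 127.0.0.1 only, as the poster configured it; the sample specs and port list are constructed.

```shell
#!/bin/sh
# Added example. Assumption: remote mysqld listens on 127.0.0.1 only.

# Split "[bind_address:]port:host:hostport" into "lport dhost dport".
# (Bracketed IPv6 literals are not handled.)
parse_forward() {
    spec=$1
    old_ifs=$IFS; IFS=:
    set -- $spec
    IFS=$old_ifs
    case $# in
        3) echo "$1 $2 $3" ;;
        4) echo "$2 $3 $4" ;;
        *) return 1 ;;
    esac
}

# Ports with a local TCP listener (assumes Linux iproute2 "ss").
listening_ports() {
    ss -ltn | awk 'NR > 1 { n = split($4, a, ":"); print a[n] }' | tr '\n' ' '
}

# check_forward SPEC "SPACE-SEPARATED LOCAL PORTS ALREADY IN USE"
# Prints: ok | local-port-busy | dest-not-loopback | bad-spec
check_forward() {
    busy=" $2 "
    fields=$(parse_forward "$1") || { echo bad-spec; return 1; }
    set -- $fields
    lport=$1 dhost=$2
    # The local end is bound by the ssh client on this machine.
    case $busy in
        *" $lport "*) echo local-port-busy; return 1 ;;
    esac
    # The destination host is resolved and dialled by the remote sshd, so
    # only a loopback name reaches a mysqld bound to 127.0.0.1 there.
    case $dhost in
        localhost|127.*|::1) echo ok ;;
        *) echo dest-not-loopback; return 1 ;;
    esac
}

# Constructed input: a home machine where 22 and 3306 are already in use.
for spec in 3306:myhost.com:3306 3307:myhost.com:3306 3307:localhost:3306; do
    printf '%-24s %s\n' "$spec" "$(check_forward "$spec" "22 3306" || true)"
done
```

On a real machine, pass `"$(listening_ports)"` as the second argument instead of the constructed list.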