Thread: Connecting to MySQL with SSH Tunnel? Would this be a good/secure workaround?

  1. #1

    Thread Starter
    Addicted Member Davor Geci
    Join Date
    Sep 2009
    Posts
    222

    Connecting to MySQL with SSH Tunnel? Would this be a good/secure workaround?

    Hello,

    I know that directly connecting to a MySQL database on the internet is not a good idea, but if we use an SSH tunnel (like PuTTY or Chilkat ActiveX), would this be a secure solution?
    So that we don't need to rewrite the whole legacy app coded in VB6 to use web services?

    Do you have any experiences with this SSH tunneling?

    Thanks,
    Davor
    My projects:
    Virtual Forms
    VBA Telemetry

  2. #2
    Frenzied Member
    Join Date
    Jun 2015
    Posts
    1,054

    Re: Connecting to MySQL with SSH Tunnel? Would this be a good/secure workaround?

    Bitvise SSH Client or PuTTY both allow you to do the SSH connection; you can configure it to open a local port that it then proxies to the remote machine.
    This way you can set your MySQL server to only listen on localhost and/or block 3306 at the firewall so it's not web accessible.

    On your dev machine you open the SSH tunnel with the proxy configured. Then on the dev machine you can connect to localhost 3307 or whatever
    and it will be automatically forwarded to the server 3306.

    This is how I access my web server MySQL instances for dev/backups etc. Works great.

  3. #3
    PowerPoster
    Join Date
    Feb 2006
    Posts
    24,482

    Re: Connecting to MySQL with SSH Tunnel? Would this be a good/secure workaround?

    Windows 10 has had the OpenSSH client (and optional server) for a long time now.


  4. #4

    Thread Starter
    Addicted Member Davor Geci
    Join Date
    Sep 2009
    Posts
    222

    Re: Connecting to MySQL with SSH Tunnel? Would this be a good/secure workaround?

    I plan to have a few MySQL databases on the server, and if I give the users SSH access so that they can securely connect to the database. What should I do to disable the user to run any commands on the server and to only allow him to connect to his database on this server and NOT to be able to see and "play" with other databases that are on the server if I give him the SSH access to the server?
    My projects:
    Virtual Forms
    VBA Telemetry

  5. #5
    Frenzied Member
    Join Date
    Jun 2015
    Posts
    1,054

    Re: Connecting to MySQL with SSH Tunnel? Would this be a good/secure workaround?

    I wouldn't let anyone SSH into my server. Maybe allowing them to VPN into a specific point of your network and then access MySQL that way.
    You will probably get the best answers from a Linux admin forum.

  6. #6
    PowerPoster wqweto
    Join Date
    May 2011
    Location
    Sofia, Bulgaria
    Posts
    5,120

    Re: Connecting to MySQL with SSH Tunnel? Would this be a good/secure workaround?

    Quote: Originally Posted by Davor Geci
    What should I do to disable the user to run any commands on the server and to only allow him to connect to his database on this server and NOT to be able to see and "play" with other databases that are on the server if I give him the SSH access to the server?

    In sshd_config you have to use ForceCommand to disable the shell, for instance something like this:

    Code:
    Match Group sshusers
        ForceCommand   /bin/false
        . . .
    . . . where sshusers above is a users group on the SSH host. Find a tutorial on how to configure OpenSSH access.

    You might want to disable password auth too and accept pubkey auth only. (This is what we do.)

    For MySQL you'll probably need a second pair of user/pass which you can authorize for access to specific DBs. Never done it personally but this is what we do with our MSSQL instances here.

    cheers,
    </wqw>
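
Added example, not part of any post in this thread: a small Python audit of the restrictions post #6 describes (ForceCommand, pubkey-only auth) together with the forwarding limits a tunnel-only account needs so it can reach only the MySQL listener from post #2. The `sshusers` group and port 3306 come from the thread; the 127.0.0.1 target, the additional keywords checked and both sample configs are constructed assumptions.

```python
# Added example (not from the thread): audit a Match block for tunnel-only restrictions.
# Absent keywords fall back to OpenSSH's defaults, listed here for the audited keywords.
DEFAULTS = {"forcecommand": "", "permittty": "yes", "allowtcpforwarding": "yes",
            "permitopen": "any", "allowagentforwarding": "yes",
            "passwordauthentication": "yes"}

def _pinned(value):
    # Every PermitOpen target must be an explicit host:port ("any", "none", "*" fail).
    targets = value.split()
    return bool(targets) and all(
        t.rpartition(":")[2].isdigit() and "*" not in t for t in targets)

CHECKS = {  # keyword -> predicate the effective value must satisfy
    "forcecommand": lambda v: v in ("/bin/false", "/sbin/nologin", "/usr/sbin/nologin"),
    "permittty": lambda v: v == "no",
    "allowtcpforwarding": lambda v: v == "local",
    "permitopen": _pinned,
    "allowagentforwarding": lambda v: v == "no",
    "passwordauthentication": lambda v: v == "no",
}

def parse(text):
    """Split sshd_config text into global settings and per-Match-block settings."""
    glob, blocks = {}, {}
    cur = glob
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            cur = blocks.setdefault(value, {})  # block runs to the next Match or EOF
        else:
            cur.setdefault(key, value)          # sshd keeps the first value it sees
    return glob, blocks

def audit(text, criteria):
    """Return the audited keywords whose effective value leaves the account too open."""
    glob, blocks = parse(text)
    effective = {**DEFAULTS, **glob, **blocks.get(criteria, {})}
    return sorted(k for k, ok in CHECKS.items() if not ok(effective[k]))

# Constructed inputs: the thread's fragment without its elided lines, and a stricter variant.
THREAD_FRAGMENT = "Match Group sshusers\n    ForceCommand /bin/false\n"
HARDENED = ("PasswordAuthentication no\nMatch Group sshusers\n    ForceCommand /bin/false\n"
            "    PermitTTY no\n    AllowTcpForwarding local\n"
            "    PermitOpen 127.0.0.1:3306\n    AllowAgentForwarding no\n")

if __name__ == "__main__":
    print("thread fragment:", audit(THREAD_FRAGMENT, "Group sshusers"))
    print("hardened:", audit(HARDENED, "Group sshusers"))
```

With `ForceCommand /bin/false` the client has to open the forward without requesting a shell, e.g. OpenSSH's `ssh -N -L 3307:127.0.0.1:3306 user@host` (user and host are placeholders); MySQL accounts and per-database grants remain a separate layer, as post #6 says.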
