3

Three machines are involved here.

  1. Localhost where I do my development. AKA laptop.
  2. Bastion host where you must connect first. AKA jump.
  3. MySQL server where I want to connect to. AKA DB.

My ssh public key is in /home/myusername/.ssh/authorized_keys on jump.

My ~/.ssh/config has this:

Host jump
    HostName jump.domain.com
    User myusername
    IdentityFile ~/.ssh/myprivatekey

I can ssh jump and get onto jump fine.

What ssh command do I need to run in terminal on Laptop in order to be able to connect from Laptop to DB via 

mysql -h 127.0.0.1 -P 3308

I need an SSH tunnel and a port forwarding, but I have yet to get the syntax correct. I want to use 3308 for production DB and 3307 for staging DB and am running local MySQL DB on 3306, which is why port forwarding to non-standard mysql ports.

Improve this question

3 Answers 3

Reset to default
1

This is what I ended up using:

ssh -f -L3307:staging.mysql-server.com:3306 jump sleep 10000000
ssh -f -L3308:production.mysql-server.com:3306 jump sleep 10000000

which is from http://csce.uark.edu/~kal/info/private/ssh/ch09_02.htm sec 9.2.6

Note: Contrary to the question I asked, no proxyCommand is needed, just the right combination of ssh command line options.

Improve this answer
1

The command is ssh -fL <mysql db port>:<mysql server url>:<mysql db port> <username>@<bastian url> '<remote command>'.

source

Improve this answer
2
  • Do you have extra sources to corroborate your response? It looks a little too simple to be that easy a retort to this question. I'm not calling you "wrong". I'm just skeptical.
    – killermist
    Commented Jan 24, 2015 at 1:46
  • I am pretty sure -t (force pseudo-tty) is not required for a tunnel to a MySQL server, and -f is required to run a remote command.
    – phpguru
    Commented Jan 28, 2015 at 17:41
1

You can use the following .ssh/config assuming you connect from machine A to C, through machine B

Host B
  User username_on_b
  Hostname ip_of_b
  IdentityFile ~/.ssh/key_for_b

Host C
  User username_on_c
  Hostname ip_of_c
  IdentityFile ~/.ssh/key_for_c
  Localforward 3308 ip_of_your_sql_server:3306
  Proxyjump B
  # or old-fashion
  # Proxycommand ssh B nc %h %p

Then you simply type from A :

ssh C

Then from A, you can 

mysql -P 3308 -H localhost
Improve this answer
2
  • This assumes that the user needs to log into Host C to access MySQL there, right? But what OP asked is how to open a local port to jump through B directly to the MySQL port on the private host. If you just remove User and IdentityFile, this doesn't work. In that case, is ProxyCommand required?
    – Nick K9
    Commented Jul 24, 2022 at 12:21
  • It works as is. ip_of_your_sql_server can be 127.0.0.1 or external ip. Then you use either Proxyjump or Proxycommand, not both. You could also put he localforward in Host B block, but in the case, you need B to be allowed to contact C on its external IP port 3306, but there are security concerns and network admins wouldn't like that. Neither Security. If flow is opened, then no need to ssh to C. To B shall be enough.
    – jmary
    Commented Aug 9, 2022 at 12:38

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .