4 Dec 2008

SSH Tunneling between databases with MySQL

Dear Lazyweb

I saw recently an interesting installation at a company. This company had databases in two different locations and they established a connection using SSH tunneling.

The thing that looked very interesting to me is, they setup a dedicated machine that had a MySQL instance on it. That database was mostly empty, but it had a port open on that machine that is a "virtual" tunnel. This allowed you to connect to the databases in the second location but it seemed as if the database is local to the network.
I believe this opens up a SSH tunnel and from my first impressions, it appears to be the case. My question is, how is that setup?

4 comments:

  1. I do this all the time on my vmware instance to connect to databases on our production environment.
    A good "how to" about SSH tunnels can be found here: http://www.revsys.com/writings/quicktips/ssh-tunnel.html

    e.g.
    ssh -f user@remotehost -L 3306:127.0.0.1:3306 -N

    then just connect to 127.0.0.1:3306 on the machine where you opened the tunnel and voila

    ReplyDelete
  2. I use this method as well. In fact, SSH is the only protocol over which I send data or read data from my servers. If I do a remote backup - it's over SSH tunneling. If I want to login as root - my MySQL installation is configured to only allow root logins from localhost - I use tunneling.

    Shlomi

    ReplyDelete
  3. Creating an ssh-tunnel for MySQL replication is something I believe that people should do when replicating over WANs (internet or intranet, PVCs, Leased lines etc).

    Why? The answer is actually quite simple. TCP has a simple 16bit CRC for each packet: Errors on private circuits tend to be bursty and are rarely single-bit errors ... The more data that is transferred, the greater the chance that there would be an undetected data error which would break replication and other bad foo.

    Wrapping the replication connection inside an SSH tunnel insures against that possibility by effectively having a 128bit check.

    ReplyDelete
  4. Thanks for your post.I do not know about the SSH tunneling between databases with MySQL.

    ing between databases with MySQL

    ReplyDelete