On Thu, 8 Mar 2001, Ben Lutgens wrote:
> Hi all, we wanna secure the way our webserver talks to our database. We'd like
> for all mysql work to be done through an ssh tunnel. I found very little
> documentation on this save a few mailing list posts. Essentially here's what I
> am doing.
>
> 1.) in one terminal from hermes.sistina.com
> ssh -L 13306:bender.sistina.com:3306 bender.sistina.com sleep 20
>
> 2.) then from another shell on the same machine
> mysql -h hermes.sistina.com -P 13306 -u$USERNAME --p$PASSWORD
>
> I have tried the tunnel with ftp, telnet, and I get my mail from my imap
> server this way with fetchmail but for some reason I get
> ERROR 2003: Can't connect to mysql server on 'hermes' (111)
>
> It's my understanding that with the ssh command above anything trying to
> connect to port 13306 on the local machine is transparently pushed through the
> tunnel to the port on the other end (in this case 3306 the default mysql port)
>
> When I do this with ftp, I can connect, login and all is well. But I get
> illegal port command errors. My research has told me that wu-ftpd don't like
> when you tunnel to it. FTP uses ports 20 and 21 (and possibly > 1024)
> Has anyone done this before? Is there a better way to secure database
> transactions?

Doesn't MySQL have integrated encryption? We've been using VPN tunnels, here..

--
Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                  | Fax   : (952)943-8500
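
Added example, not part of either message above: OpenSSH binds a `-L` listener to the loopback address unless `-g` or `GatewayPorts` is set, so a client that addresses the machine by any other of its addresses is refused (errno 111, ECONNREFUSED, on Linux). This Python code reproduces that with plain sockets; the function names are made up for the demo, and 127.0.0.2 is an assumed stand-in for the address the machine's own hostname resolves to.

```python
import errno
import socket

def listen_like_ssh_L(bind_addr="127.0.0.1"):
    """Open a listener the way `ssh -L 13306:...` does by default: on the
    loopback address only. Port 0 picks a free port so the demo never clashes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]

def probe(host, port, timeout=2.0):
    """Return "open" if a TCP connect succeeds, else the errno name."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, type(exc).__name__)
    finally:
        s.close()

def compare(bind_addr, other_addr="127.0.0.2"):
    """Probe one listener via 127.0.0.1 and via a second local address.
    ASSUMPTION: 127.0.0.2 stands in for the address the machine's own
    hostname resolves to (Linux routes all of 127.0.0.0/8 locally)."""
    srv, port = listen_like_ssh_L(bind_addr)
    try:
        return probe("127.0.0.1", port), probe(other_addr, port)
    finally:
        srv.close()

if __name__ == "__main__":
    # Default -L behaviour: only the exact loopback address answers.
    print("loopback-only bind:", compare("127.0.0.1"))
    # Wildcard bind (what -g / GatewayPorts enables): every address answers,
    # including ones reachable by other hosts, so prefer `-h 127.0.0.1`.
    print("wildcard bind:     ", compare("0.0.0.0"))
```

With the mysql client, point `-h` at 127.0.0.1 rather than `localhost`, because `localhost` makes the client use the Unix socket file instead of TCP and the forwarded port is never touched.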