FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 06-27-2012, 02:37 PM
"J. Bakshi"
 
Default how to open ssh tunnel port ?

Dear list,

I have made a successful ssh tunnel between two pcs A and B.
A is running mysql and B have the tunnel with A , so that B
can access that remote mysql with its local port 3360. Everything
is fine......

But B is bind the port with localhost only, hence no one can access
B's 3360 port. How can B open the port so that others can also
use the 3360 port on B which is actually tunneled with A ?

<A running mysql> ------tunnel-----<B localhost:3360>
but <c> can't see 3360 on <B>

Thanks


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120627200730.7892ec0a@shiva.selfip.org">http://lists.debian.org/20120627200730.7892ec0a@shiva.selfip.org
 
Old 06-27-2012, 02:51 PM
"Karl E. Jorgensen"
 
Default how to open ssh tunnel port ?

On Wed, Jun 27, 2012 at 03:37:30PM +0100, J. Bakshi wrote:
>
> Dear list,
>
> I have made a successful ssh tunnel between two pcs A and B.
> A is running mysql and B have the tunnel with A , so that B
> can access that remote mysql with its local port 3360. Everything
> is fine......
>
> But B is bind the port with localhost only, hence no one can access
> B's 3360 port. How can B open the port so that others can also
> use the 3360 port on B which is actually tunneled with A ?
>
> <A running mysql> ------tunnel-----<B localhost:3360>
> but <c> can't see 3360 on <B>

>From the ssh man page:

-L [bind_address:]port:host:hostport

or alternatively: use the -g option..

But...

It sounds like you're using this to bypass a firewall somewhere? If
so, beware: MySQL traffic is NOT encrypted so any usernames/passwords
sent to mysql are easily exposed. And there's bound to be security
vulnerabilities in the MySQL protocol too - it is not designed to be
hardened.

Also: As far as MySQL is concerned, the connection will appear to come
from B - mysql will never see the true source of connections.

Hope this helps
--
Karl E. Jorgensen


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20120627145115.GB20713@hawking
 
Old 06-27-2012, 02:56 PM
Laurence Hurst
 
Default how to open ssh tunnel port ?

On 27/06/2012 15:37, J. Bakshi wrote:


Dear list,

I have made a successful ssh tunnel between two pcs A and B.
A is running mysql and B have the tunnel with A , so that B
can access that remote mysql with its local port 3360. Everything
is fine......

But B is bind the port with localhost only, hence no one can access
B's 3360 port. How can B open the port so that others can also
use the 3360 port on B which is actually tunneled with A ?

<A running mysql> ------tunnel-----<B localhost:3360>
but<c> can't see 3360 on<B>

Thanks




Hi,

Your current ssh command (assuming you are connection from B to A)
presumably looks something like:


ssh -L 3360:localhost:3306 A

According to the ssh man page (try running "man ssh" and read the bit
about the '-L' argument), you can specify the bind address as part of
that argument. Basically you should end up with something like this:


ssh -L 192.168.0.1:3360:localhost:3306 A

where '192.168.0.1' is the ip address you want to bind to (i.e. the ip
address of eth0, or whichever interface you want to use). The same
method applies if you are using -R to create the tunnel the other way -
again read the manual page, it's there to help you!


I would think carefully about whether you really want to do this, as you
will be exposing the mysql server to anyone who can connect to machine B
on port 3360. Security is one of the main motivators for binding only to
localhost by default (by both mysql and ssh).


Regards,
Laurence


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4FEB1F01.5090001@lboro.ac.uk">http://lists.debian.org/4FEB1F01.5090001@lboro.ac.uk
 
Old 06-28-2012, 08:39 AM
"J. Bakshi"
 
Default how to open ssh tunnel port ?

On Wed, 27 Jun 2012 15:56:01 +0100
Laurence Hurst <L.A.Hurst@lboro.ac.uk> wrote:

[.......]

>
> ssh -L 192.168.0.1:3360:localhost:3306 A
>
> where '192.168.0.1' is the ip address you want to bind to (i.e. the ip
> address of eth0, or whichever interface you want to use). The same
> method applies if you are using -R to create the tunnel the other way -
> again read the manual page, it's there to help you!

[.............]

Thanks


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120628140921.4b3ff5f5@shiva.selfip.org">http://lists.debian.org/20120628140921.4b3ff5f5@shiva.selfip.org
 

Thread Tools




All times are GMT. The time now is 01:27 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org