DEVHIDE
Login Or Sign up

Create a SSH tunnel from a Jump host to a Database and access the database on Jump Host Port

2k Views Asked by At

I am trying to create a SSH tunnel between a database running server port and another server as the following.

MySQL:3306 <=====> Server-A:3306

And I want to use the Server-A:3306 as the database URI to connect to the database.

I am running the following on ServerA

ssh -f -N -i ~/keys/test.pem [email protected] -L5001:127.0.0.1:2001

I can see that the tunnel is up and running. But when I use the public IP of Server-A and try to connect to the database, It does not work.

If I create another tunnel between between Server-A and where I run the MySQL client. then it works. But I don't want to do that.

What can be the reason for this issue. I am fairly new to scripting

ssh database-connection portforwarding ssh-tunnel autossh
Original Q&A
1

There are 1 best solutions below

0
On BEST ANSWER

by default local side (ssh client) creates listening port at loopback interface with address 127.0.0.1 when you use command like this

ssh me@server -L3306:localhost:3306

if you check netstat on your host you will see something like this

sudo netstat -ntlp | grep 3306
tcp  0 0 127.0.0.1:3306  0.0.0.0:*   LISTEN 12354/ssh

So applications at your local node can connect to such mapped service because loopback interface is visible to host itself but external nodes have no access to this virtual interface so can't make any connections to any service(port) which is listening on this single interface.

To instruct local ssh client to share such mapped port to the world you need to instruct it to bind to either all interfaces (including loopback) or to specific interface only

# here you explicitly tell ssh client to accept connection to your tunnel
# from any client(i.e. bind listenning port to all interfaces)
ssh me@server -L0.0.0.0:3306:localhost:3306 
sudo netstat -ntlp | grep 3306 
tcp  0 0 0.0.0.0:3306   0.0.0.0:*   LISTEN 12354/ssh

#here you do the same thing by using -g option
ssh me@server -g -L3306:localhost:3306
sudo netstat -ntlp | grep 3306 
tcp  0 0 0.0.0.0:3306   0.0.0.0:*   LISTEN 12354/ssh

#and here is an example of how to bind to specific interfaces only
# 10.0.0.12 is an IP of one of interfaces on your node
# 10.1.0.156 is also IP address of one interfaces of your node
ssh me@server -L10.0.0.12:3306:localhost:3306 -L10.1.0.156:3306:localhost:3306

sudo netstat -ntlp | grep 3306
tcp  0 0 10.0.0.12:3306   0.0.0.0:*   LISTEN 12354/ssh
tcp  0 0 10.1.0.156:3306  0.0.0.0:*   LISTEN 12354/ssh

Related Questions in SSH

Related Questions in DATABASE-CONNECTION

Related Questions in PORTFORWARDING

Related Questions in SSH-TUNNEL

Related Questions in AUTOSSH

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.