• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 259
  • Last Modified:

Remote MySQL using SSH

Hi,

Can anyone please provide some guidance notes on how to setup secure remote access to a MySQL server running on a private Windows Server 2012 R2 server?  I think SSH is the way.  I'm using Navicat to administer.

Thanks
0
wayneinuk
Asked:
wayneinuk
  • 5
  • 5
2 Solutions
 
Julian HansenCommented:
You want to read up on SSH Tunnelling. I am not familiar with Navicat but a quick search brought up this page which discusses how to setup an SSH tunnel on Navicat
https://www.navicat.com/manual/online_manual/en/navicat/rv_manual/SSHSettings.html
0
 
arnoldCommented:
ssh -t -L 3306:localhost:3306 user@remotehost


This establishes a connection without opening terminal, -t
-L setup local tunnel, Localport:remotehostname:remoteport
In the example I used localhost for the remote host since you indicated the MySQL is running on the server.

If you are using an ssh gateway to and through which, then the remote host will need to be the remote hostname that the ssh gateway will be establishing/completing the tunnel to.

MySQL localhost:3306 will go through the ssh tunnel, and will connect to the localhost on the remotehost port 3306.
Ssh, could mean any ssh application most follow the same
.......

You've provided very little detail, do you already have an ssh server configured/running on the Windows 2012?

You could look at Cygwin to setup in tge server with running ssh server........
0
 
wayneinukAuthor Commented:
Hi,

Thanks for your comments but wont I need some SSH software installed on the server and port 22 open?
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
arnoldCommented:
Yes, this is why I suggested cygwin.

The other option you initiate an ssh connection from the server reversing the tunneling from local, to remote which has the same effect as far as the remote user is concerned.
Initiated from the Windows server to the remote Linux gateway
Using -R instead of -L.
0
 
wayneinukAuthor Commented:
Hi,

Sorry I missed that bit.  I simply have a MySQL server in the office running on Windows 2012 R2 connected to the Internet via broadband and I want to be able to connect using Navicat, Toad or MySQL Workbench from my Windows 7 PC at home to administer the DB and make changes to the schema.

I do not have a Linux server.

Thanks
0
 
arnoldCommented:
To connect from your home to anything at work, you have to have a VPN connection to your work.
If at work you have a gateway server running SSH to which you can connect remotely, you could use this server with SSH tunnel to setup a VPN like connection.

HOme computer <=> ssh connection with Tunnel <=> office Linux Server

In this scenario, you should look at whether your office router has a VPN functionality, failing that, you could setup VPN services (NPS) on your windows Server 2012 and configuring the firewall to pass the ports to the windows 2012 server.
Once the VPN connectio (VPN, SSL VPN) are established from your computer to the remote server, you will be able to access your office LAN from your home computer.........
0
 
wayneinukAuthor Commented:
Hi Arnold,

Thanks for the info, the only reason I wanted to go SSH was that I also wanted to open up the MySQL server for a couple of developers without giving them access to the whole network which the VPN route would give.

Thanks
0
 
arnoldCommented:
Actually, ssh would give a wider access than a VPN that can be configured on a per user basis allowing specific IPs,ports to ve accessed.
Once one has an ssh connection, they can using tunneling .......access .......
You could setup Cygwin or the like on the server. Then in the configuration make sure to disable tunneling such that anyone connecting via the ssh connection can only connect to localhost which means your MySQL int ce must be available on the localhost......

On the external firewall you would open a port that they would use which will be forwarded to this server..

For more security, you might want to consider using ssh keys, no password authentication.....
0
 
wayneinukAuthor Commented:
Thanks Arnold,

I don't suppose there are any handy guides you know of to help me?

Thanks for all your help :-)
0
 
arnoldCommented:
Help you with?   "Ssh tunneling" "ssh configuration" ref OpenSSH FAQ could provide insight.......

Get Cygwin onto your computer and tinker/practice on that.......
0
 
wayneinukAuthor Commented:
Thanks for all your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now