Remote MySQL using SSH
Hi,
Can anyone please provide some guidance notes on how to setup secure remote access to a MySQL server running on a private Windows Server 2012 R2 server? I think SSH is the way. I'm using Navicat to administer.
Thanks
Can anyone please provide some guidance notes on how to setup secure remote access to a MySQL server running on a private Windows Server 2012 R2 server? I think SSH is the way. I'm using Navicat to administer.
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Thanks for your comments but wont I need some SSH software installed on the server and port 22 open?
Thanks for your comments but wont I need some SSH software installed on the server and port 22 open?
Yes, this is why I suggested cygwin.
The other option you initiate an ssh connection from the server reversing the tunneling from local, to remote which has the same effect as far as the remote user is concerned.
Initiated from the Windows server to the remote Linux gateway
Using -R instead of -L.
The other option you initiate an ssh connection from the server reversing the tunneling from local, to remote which has the same effect as far as the remote user is concerned.
Initiated from the Windows server to the remote Linux gateway
Using -R instead of -L.
ASKER
Hi,
Sorry I missed that bit. I simply have a MySQL server in the office running on Windows 2012 R2 connected to the Internet via broadband and I want to be able to connect using Navicat, Toad or MySQL Workbench from my Windows 7 PC at home to administer the DB and make changes to the schema.
I do not have a Linux server.
Thanks
Sorry I missed that bit. I simply have a MySQL server in the office running on Windows 2012 R2 connected to the Internet via broadband and I want to be able to connect using Navicat, Toad or MySQL Workbench from my Windows 7 PC at home to administer the DB and make changes to the schema.
I do not have a Linux server.
Thanks
To connect from your home to anything at work, you have to have a VPN connection to your work.
If at work you have a gateway server running SSH to which you can connect remotely, you could use this server with SSH tunnel to setup a VPN like connection.
HOme computer <=> ssh connection with Tunnel <=> office Linux Server
In this scenario, you should look at whether your office router has a VPN functionality, failing that, you could setup VPN services (NPS) on your windows Server 2012 and configuring the firewall to pass the ports to the windows 2012 server.
Once the VPN connectio (VPN, SSL VPN) are established from your computer to the remote server, you will be able to access your office LAN from your home computer.........
If at work you have a gateway server running SSH to which you can connect remotely, you could use this server with SSH tunnel to setup a VPN like connection.
HOme computer <=> ssh connection with Tunnel <=> office Linux Server
In this scenario, you should look at whether your office router has a VPN functionality, failing that, you could setup VPN services (NPS) on your windows Server 2012 and configuring the firewall to pass the ports to the windows 2012 server.
Once the VPN connectio (VPN, SSL VPN) are established from your computer to the remote server, you will be able to access your office LAN from your home computer.........
ASKER
Hi Arnold,
Thanks for the info, the only reason I wanted to go SSH was that I also wanted to open up the MySQL server for a couple of developers without giving them access to the whole network which the VPN route would give.
Thanks
Thanks for the info, the only reason I wanted to go SSH was that I also wanted to open up the MySQL server for a couple of developers without giving them access to the whole network which the VPN route would give.
Thanks
Actually, ssh would give a wider access than a VPN that can be configured on a per user basis allowing specific IPs,ports to ve accessed.
Once one has an ssh connection, they can using tunneling .......access .......
You could setup Cygwin or the like on the server. Then in the configuration make sure to disable tunneling such that anyone connecting via the ssh connection can only connect to localhost which means your MySQL int ce must be available on the localhost......
On the external firewall you would open a port that they would use which will be forwarded to this server..
For more security, you might want to consider using ssh keys, no password authentication.....
Once one has an ssh connection, they can using tunneling .......access .......
You could setup Cygwin or the like on the server. Then in the configuration make sure to disable tunneling such that anyone connecting via the ssh connection can only connect to localhost which means your MySQL int ce must be available on the localhost......
On the external firewall you would open a port that they would use which will be forwarded to this server..
For more security, you might want to consider using ssh keys, no password authentication.....
ASKER
Thanks Arnold,
I don't suppose there are any handy guides you know of to help me?
Thanks for all your help :-)
I don't suppose there are any handy guides you know of to help me?
Thanks for all your help :-)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for all your help.
This establishes a connection without opening terminal, -t
-L setup local tunnel, Localport:remotehostname:r
In the example I used localhost for the remote host since you indicated the MySQL is running on the server.
If you are using an ssh gateway to and through which, then the remote host will need to be the remote hostname that the ssh gateway will be establishing/completing the tunnel to.
MySQL localhost:3306 will go through the ssh tunnel, and will connect to the localhost on the remotehost port 3306.
Ssh, could mean any ssh application most follow the same
.......
You've provided very little detail, do you already have an ssh server configured/running on the Windows 2012?
You could look at Cygwin to setup in tge server with running ssh server........