How do I use ssh ProxyCommand to connect to remote MySQL server behind bastion host?

2

2

Three machines are involved here.

  1. Localhost where I do my development. AKA laptop.
  2. Bastion host where you must connect first. AKA jump.
  3. MySQL server where I want to connect to. AKA DB.

My ssh public key is in /home/myusername/.ssh/authorized_keys on jump.

My ~/.ssh/config has this:

Host jump
    HostName jump.domain.com
    User myusername
    IdentityFile ~/.ssh/myprivatekey

I can ssh jump and get onto jump fine.

What ssh command do I need to run in terminal on Laptop in order to be able to connect from Laptop to DB via 

mysql -h 127.0.0.1 -P 3308

I need an SSH tunnel and a port forwarding, but I have yet to get the syntax correct. I want to use 3308 for production DB and 3307 for staging DB and am running local MySQL DB on 3306, which is why port forwarding to non-standard mysql ports.

phpguru

Posted 2015-01-23T22:59:56.413

Reputation: 328

Answers

1

The command is ssh -fL <mysql db port>:<mysql server url>:<mysql db port> <username>@<bastian url> '<remote command>'.

source

akofink

Posted 2015-01-23T22:59:56.413

Reputation: 111

Do you have extra sources to corroborate your response? It looks a little too simple to be that easy a retort to this question. I'm not calling you "wrong". I'm just skeptical. – killermist – 2015-01-24T01:46:32.223

I am pretty sure -t (force pseudo-tty) is not required for a tunnel to a MySQL server, and -f is required to run a remote command. – phpguru – 2015-01-28T17:41:41.383

1

This is what I ended up using:

ssh -f -L3307:staging.mysql-server.com:3306 jump sleep 10000000
ssh -f -L3308:production.mysql-server.com:3306 jump sleep 10000000

which is from http://csce.uark.edu/~kal/info/private/ssh/ch09_02.htm sec 9.2.6

Note: Contrary to the question I asked, no proxyCommand is needed, just the right combination of ssh command line options.

phpguru

Posted 2015-01-23T22:59:56.413

Reputation: 328

0

You can use the following .ssh/config assuming you connect from machine A to C, through machine B

Host B
  User username_on_b
  Hostname ip_of_b
  IdentityFile ~/.ssh/key_for_b

Host C
  User username_on_c
  Hostname ip_of_c
  IdentityFile ~/.ssh/key_for_c
  Localforward 3308 ip_of_your_sql_server:3306
  Proxyjump B
  # or old-fashion
  # Proxycommand ssh B nc %h %p

Then you simply type from A :

ssh C

Then from A, you can 

mysql -P 3308 -H localhost

jmary

Posted 2015-01-23T22:59:56.413

Reputation: 141

Asked: 2015-01-23T22:59:56.413

Viewed: 1 371 times

Active: 2020-01-21T15:26:02.680