[CentOS] ssh port forwarding

Chris Geldenhuis chris.gelden at iafrica.com
Fri Jul 13 06:04:24 UTC 2012


On 07/13/2012 03:45 AM, SilverTip257 wrote:
> Doug,
>
> It's also possible to send ssh to the background and also skip remote
> commands (perfect for tunneling).
>
> Options for ssh command:
> -f  .......... background
> -N ......... skip remote commands
>
> ** Personally I'd look for a more robust tunnel/VPN alternative. **
> 1) OpenSSH tun/tap devices - but this should really be used for a
> 'one-off' quick tunnel =>  requires root to establish, so it's not
> ideal for every situation! (think roadwarriors, etc)
> 2) OpenVPN - SSL VPN - software/application based - simpler to set up
> as a result
> 3) OpenSWAN - IPSec VPN - hooks into the kernel (netkey or klips)
>
> ---~~.~~---
> Mike
> //  SilverTip257  //
>
>
> On Thu, Jul 12, 2012 at 4:15 PM, We Are Here <support at wearehere.net> wrote:
>> At 19:15 12/07/2012, you wrote:
>>
>> Hi Doug,
>>
>>> Thanks for the feedback Tim.
>> Glad I could help.
>>
>>> Using your string, I can now telnet to port 22222 on localhost (hostA) and
>>> I get the mysql connection string (from hostB), but it is not able to make
>>> a mysql connection (using mysql -u user -p -h localhost --port=22222 from
>>> hostA), with a test user that I set up to allow connections from anywhere.
>>> The error that I am getting is:
>>> ERROR 2002 (HY000): Can't connect to local MySQL server through socket
>>> '/var/lib/mysql/mysql.sock' (2)
>>>
>>> I did test and the mysql test user that I created is able to connect from
>>> hostB.
>> Because the mysql connection is via an ssh tunnel, you need to ensure
>> on the MySQL server hostB
>> that it allows the mysql user access from 127.0.0.1 on hostB as that
>> is effectively where the MySQL
>> server on hostB sees the connection coming from.
>>
>>> Also, when I do this, it still opens up an ssh session, logging me into the
>>> remote machine, thus making it so I can't use this terminal.
>> Yes you need to run it in a screen session if you want it permanently
>> connected.
>>
>>> The eventual goal is to do this in a script, that will open the connection,
>>> use it for the duration of the script, and then close it when the script
>>> finishes, but it looks like that won't work, since it is logging me into
>>> the remote machine. I guess I could get around that by always leaving the
>>> screen session going with the connection, but I would prefer only creating
>>> the connection when I need it.
>>>
>>> Any ideas how to do this without leaving the connection open all the time?
>> I have used an expect script to do this in the past.  Which allows
>> you to remotely log in to a server.
>> Downside is you need to store the password in plain text in the
>> expect script.  So make sure only
>> root can read the script.  Or set up a lower privilege user to use
>> sudo and do it that way.
>>
>> regards Tim
>> Tim D'Cruz
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>
Hi,

You can also set up ssh access using keys so that you do not need to 
enter a password when connecting.

Regards

ChrisG
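
The script-scoped tunnel asked about earlier in the thread, as an added example that is not part of any poster's message: it combines `-f -N` with key-based login and an ssh control socket, so the tunnel exists only while one command runs. Assumed values not given in the thread: the login `user@hostB`, MySQL listening on port 3306 on hostB, and a key that needs no prompt (agent or unencrypted key file).

```shell
#!/bin/sh
# Added example. Assumed values: user@hostB, MySQL on hostB port 3306,
# key-based login that needs no prompt (agent or unencrypted key file).
TUNNEL_HOST="${TUNNEL_HOST:-user@hostB}"
LOCAL_PORT="${LOCAL_PORT:-22222}"
REMOTE_PORT="${REMOTE_PORT:-3306}"

open_tunnel() {
    # -f background after authentication, -N no remote command,
    # -M/-S master mode with a control socket so the tunnel can be closed later.
    # BatchMode fails instead of prompting; ExitOnForwardFailure makes ssh
    # exit non-zero if the local port cannot be bound.
    ssh -f -N -M -S "$CTL_SOCKET" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}" \
        "$TUNNEL_HOST"
}

close_tunnel() {
    # Ask the backgrounded master process to exit via its control socket.
    ssh -S "$CTL_SOCKET" -O exit "$TUNNEL_HOST" 2>/dev/null
}

with_tunnel() {
    # Private (0700) directory for the control socket.
    CTL_DIR=$(mktemp -d) || return 1
    CTL_SOCKET="$CTL_DIR/ctl.sock"
    open_tunnel || { rm -rf "$CTL_DIR"; return 1; }
    "$@"
    _rc=$?
    close_tunnel
    rm -rf "$CTL_DIR"
    return "$_rc"
}

# Usage: ./tunnel.sh mysql -u user -p -h 127.0.0.1 --port=22222
# Use 127.0.0.1, not localhost: the mysql client treats "localhost" as
# "use the local Unix socket" and ignores --port.
if [ "$#" -gt 0 ]; then
    with_tunnel "$@"
fi
```

Binding the forward to 127.0.0.1 keeps port 22222 unreachable from other machines on hostA's network, and the wrapped command's exit status is returned unchanged.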
