Agnus Dei (jackal) wrote,
Agnus Dei
jackal

Daisy Chaining SSH Tunnels

This allows me to connect to a remote database from my desktop by daisy chaining ssh tunnels through a jump host to the remote database.

This way the data is moved over the network encrypted and secure.   In my case all logins are done using GSSAPI (kerberos ticket forwarding).

In a terminal:

# export RANDOMPORT=$RANDOM ; ssh brad.allison@hostname-1.com -L3308:0:$RANDOMPORT RANDOMPORT=$RANDOMPORT ssh brad.allison@hostname-2.com -L$RANDOMPORT:0:3306

OR MUCH EASIER (use ProxyCommand, requires netcat though):

# ssh -o "ProxyCommand ssh brad.allison@hostaname-1.com nc %h %p" -l brad.allison hostname-2.com -L3308:0:3306



Then on my local desktop, run the mysql client (I bound the tunnel to port 3308 locally):

# mysql -uroot -p -h0 -P3308

Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

  • 0 comments