January 13th, 2016

Daisy Chaining SSH Tunnels

This allows me to connect to a remote database from my desktop by daisy chaining ssh tunnels through a jump host to the remote database.

This way the data crosses the network encrypted. In my case all logins are done using GSSAPI (Kerberos ticket forwarding).

In a terminal:

# export RANDOMPORT=$RANDOM ; ssh brad.allison@hostname-1.com -L3308:0:$RANDOMPORT RANDOMPORT=$RANDOMPORT ssh brad.allison@hostname-2.com -L$RANDOMPORT:0:3306

OR MUCH EASIER (use ProxyCommand, requires netcat though):

# ssh -o "ProxyCommand ssh brad.allison@hostname-1.com nc %h %p" -l brad.allison hostname-2.com -L3308:0:3306

Then on my local desktop, run the mysql client (I bound the tunnel to port 3308 locally):

# mysql -uroot -p -h0 -P3308
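
The ProxyCommand variant above can be kept in ~/.ssh/config so the chain is not retyped each time. This is an added example, not part of the original post: the aliases db-jump and db-tunnel are hypothetical, and it assumes MySQL on hostname-2.com accepts connections on 127.0.0.1:3306 and that the jump host's sshd permits TCP forwarding.

```sshconfig
# Added example for ~/.ssh/config; the aliases db-jump and db-tunnel are hypothetical.
# Assumes MySQL on hostname-2.com accepts connections on 127.0.0.1:3306.

Host db-jump
    HostName hostname-1.com
    User brad.allison
    GSSAPIAuthentication yes
    # With ProxyCommand the jump host only relays bytes; the login to
    # hostname-2.com is performed from the desktop, so no ticket has to be
    # delegated to the jump host.
    GSSAPIDelegateCredentials no

Host db-tunnel
    HostName hostname-2.com
    User brad.allison
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
    # "ssh -W" takes the place of "nc %h %p", so netcat is not needed on
    # the jump host (it does need TCP forwarding allowed in its sshd).
    ProxyCommand ssh -W %h:%p db-jump
    # On OpenSSH 7.3 or later, "ProxyJump db-jump" does the same job.
    # Bind the local end to loopback only, so other machines on the
    # desktop's network cannot reach the database through the tunnel.
    LocalForward 127.0.0.1:3308 127.0.0.1:3306
    # Exit instead of staying connected without a tunnel when port 3308
    # is already in use locally.
    ExitOnForwardFailure yes

# Open the tunnel without a remote shell:  ssh -N db-tunnel
# Then connect as before:                  mysql -uroot -p -h127.0.0.1 -P3308
```

Unlike the first (chained) command, this form never runs a second ssh client on hostname-1.com, which is why credential delegation can stay off for both hosts.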