Reputation: 5420
Create a SSH tunnel from a Jump host to a Database and access the database on Jump Host Port
I am trying to create a SSH tunnel between a database running server port and another server as the following.
MySQL:3306 <=====> Server-A:3306
And I want to use the Server-A:3306 as the database URI to connect to the database.
I am running the following on ServerA
ssh -f -N -i ~/keys/test.pem [email protected] -L5001:127.0.0.1:2001
I can see that the tunnel is up and running. But when I use the public IP of Server-A and try to connect to the database, It does not work.
If I create another tunnel between between Server-A and where I run the MySQL client. then it works. But I don't want to do that.
What can be the reason for this issue. I am fairly new to scripting
Upvotes: 3
Views: 3128
Answers (1)
Reputation: 2218
by default local side (ssh client) creates listening port at loopback interface with address 127.0.0.1 when you use command like this
ssh me@server -L3306:localhost:3306
if you check netstat on your host you will see something like this
sudo netstat -ntlp | grep 3306
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 12354/ssh
So applications at your local node can connect to such mapped service because loopback interface is visible to host itself but external nodes have no access to this virtual interface so can't make any connections to any service(port) which is listening on this single interface.
To instruct local ssh client to share such mapped port to the world you need to instruct it to bind to either all interfaces (including loopback) or to specific interface only
# here you explicitly tell ssh client to accept connection to your tunnel
# from any client(i.e. bind listenning port to all interfaces)
ssh me@server -L0.0.0.0:3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 12354/ssh
#here you do the same thing by using -g option
ssh me@server -g -L3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 12354/ssh
#and here is an example of how to bind to specific interfaces only
# 10.0.0.12 is an IP of one of interfaces on your node
# 10.1.0.156 is also IP address of one interfaces of your node
ssh me@server -L10.0.0.12:3306:localhost:3306 -L10.1.0.156:3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 10.0.0.12:3306 0.0.0.0:* LISTEN 12354/ssh
tcp 0 0 10.1.0.156:3306 0.0.0.0:* LISTEN 12354/ssh
Upvotes: 3
Related Questions
- Running DBT over SSH Tunnel and Jump Box
- How to SSH tunnel from jump server to another server without directly logging in to the jump server
- SSH tunnel to Database from two level of jump server with different keys
- Access the database from outside using a SSH tunnel Fortrabbit
- SSH tunnel forwarding with jump host and remote database
- Connecting to MySQL database via SSH (over a jump host) using python 3
- Connecting to MySql database with SSH tunneling on remote host with specific mysql host
- How do I port forward from a remote server through a jump box
- (Win7/Putty) How to use MySQL Workbench to connect to a DB server which is only accessible after ssh'ing to a jump server
- MySQL Database Connection via SSH Tunnel