Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

howtos:misc:connect_client_over_ssh_tunnel_to_mariadb [2019/06/25 14:45 (UTC)] – created mahafyi
howtos:misc:connect_client_over_ssh_tunnel_to_mariadb [2019/06/26 01:51 (UTC)] (current) – [How to connect mysql client over SSH tunnel to Mariadb server] mahafyi
Line 3: Line 3:
 For setting up your working Mariadb server, [[howtos:databases:install_mariadb_on_slackware|read this howto]]. For setting up your working Mariadb server, [[howtos:databases:install_mariadb_on_slackware|read this howto]].
  
-You may want to connect clients to the database server over network securely. Instead of using TLS (which is available natively) for this, the same can also be achieved by tunneling over SSH by following the below steps. +You may want to connect clients to the database server over network securely. Instead of using TLS (which is [[https://mariadb.com/kb/en/library/data-in-transit-encryption/ |available natively]]) for this, the same can also be achieved by tunneling over SSH by following the below steps. 
  
 __**On the database server**__ __**On the database server**__
  
   - Ensure there is no blocking by firewall for the ports/protocols/hosts.. The default Mariadb port is TCP 3306.   - Ensure there is no blocking by firewall for the ports/protocols/hosts.. The default Mariadb port is TCP 3306.
-  - Ensure that the SKIP=”..skip-networking…” line in /etc/rc.d/rc.mysld is commented out. This will allow external client connections to the server.+  - Ensure that the SKIP=”..skip-networking…” line in /etc/rc.d/rc.mysqld is commented out. This will allow external client connections to the server.
   - Identify a user who will be the SSH tunnel user. This refers to the Linux user. You may use the command ‘adduser <username>’ to create a new user.   - Identify a user who will be the SSH tunnel user. This refers to the Linux user. You may use the command ‘adduser <username>’ to create a new user.
   - Edit /etc/ssh/sshd_config, if necessary, to ensure that key based authentication is allowed for this user. The /etc/rc.sshd service will of course have to be restarted if any edits had been made.   - Edit /etc/ssh/sshd_config, if necessary, to ensure that key based authentication is allowed for this user. The /etc/rc.sshd service will of course have to be restarted if any edits had been made.
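Review bot: The firewall and skip-networking steps in this hunk should state that TCP 3306 does not have to be reachable from the client machine when the connection goes through the SSH tunnel. Commenting out the SKIP line is needed so that mysqld listens on TCP at all, but "This will allow external client connections to the server" reads as if exposing the port were the goal. Suggest adding that only the SSH port must be open to the client, and that the server can be limited to loopback (for example bind-address=127.0.0.1) if the tunnel forwards to 127.0.0.1:3306. Also, while the rc.mysqld path is corrected here, the unchanged sshd step still says /etc/rc.sshd; on Slackware the script is /etc/rc.d/rc.sshd, and the doubled period after "ports/protocols/hosts" could be fixed in the same edit.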
Line 14: Line 14:
 __**On the client machine**__ __**On the client machine**__
  
-Generate keys for authentication ssh-keygen without a passphrase as follows. You may use RSA also. The below command will create a private and public key after giving you file name option. Just hot enter to avoid using a passphrase.+Generate keys for authentication using ssh-keygen without a passphrase as follows. You may use RSA also. The below command will create a private and public key after giving you file name option. Just hit enter to avoid using a passphrase. Create and login as a similar tunnel user when doing this.
   ssh-keygen -t ecdsa -b 521 -C my-comments   ssh-keygen -t ecdsa -b 521 -C my-comments
 The public key with filename extension .pub should be installed in the database server user’s authorized_keys. The contents of the .pub file can be copy pasted or you can use a command line utility like ssh-copy-id as shown below. Never copy the private key to other server. The public key with filename extension .pub should be installed in the database server user’s authorized_keys. The contents of the .pub file can be copy pasted or you can use a command line utility like ssh-copy-id as shown below. Never copy the private key to other server.
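Review bot: The reworded ssh-keygen sentence recommends a key without a passphrase but gives no compensating restriction, so anyone who can read the private key file gets a login as the tunnel user on the database server. Suggest either recommending a passphrase together with ssh-agent, or telling the reader to limit the key in authorized_keys to forwarding only, e.g. by prefixing the entry with restrict,port-forwarding,permitopen="127.0.0.1:3306". The added "Create and login as a similar tunnel user when doing this" is also unclear: if it means a dedicated unprivileged user on the client should own the key, say so explicitly. "after giving you file name option" would read better as "after prompting you for a file name".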
Line 27: Line 27:
 ====== Sources ====== ====== Sources ======
 <!-- If you are copying information from another source, then specify that source --> <!-- If you are copying information from another source, then specify that source -->
-<!-- * Original source: [[http://some.website.org/some/page.html]] -->+<!-- * Original source: [[https://mariadb.com/resources/blog/connecting-to-mariadb-through-an-ssh-tunnel/]] -->
 <!-- Authors are allowed to give credit to themselves! --> <!-- Authors are allowed to give credit to themselves! -->
 <!-- * Originally written by [[wiki:user:mahafyi | User X]] --> <!-- * Originally written by [[wiki:user:mahafyi | User X]] -->
 <!-- * Contributions by [[wiki:user:yyy | User Y]] --> <!-- * Contributions by [[wiki:user:yyy | User Y]] -->
 +Adapted from original source: [[https://mariadb.com/resources/blog/connecting-to-mariadb-through-an-ssh-tunnel/]] 
 +
 Originally written by [[wiki:user:mahafyi | mahafyi]] Originally written by [[wiki:user:mahafyi | mahafyi]]
 <!-- Please do not modify anything below, except adding new tags.--> <!-- Please do not modify anything below, except adding new tags.-->
 <!-- You must remove the tag-word "template" below before saving your new page --> <!-- You must remove the tag-word "template" below before saving your new page -->
 {{tag>howtos mariadb mysql tunneling ssh tunnel}} {{tag>howtos mariadb mysql tunneling ssh tunnel}}
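Review bot: The source URL now appears twice in the Sources section, once inside the template's HTML comment ("<!-- * Original source: ... -->") and once in the new visible "Adapted from original source" line. Only the visible line is rendered, so the edit to the commented template line is redundant; suggest reverting that comment to the template placeholder or deleting it, and keeping the single visible attribution. The commented "Originally written by" line also pairs wiki:user:mahafyi with the placeholder label "User X", which can be dropped now that the visible line below carries the credit.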