Ping a Specific Port

Question

user53864

Asked: 2011-05-29 08:00:10 +0800 CST2011-05-29 08:00:10 +0800 CST 2011-05-29 08:00:10 +0800 CST

Ubuntu MySQL GUI logins with certificate/key

772

I will connect to MySQL on ubuntu cloud server everyday with Mysql Administrator and Mysql Query Browser GUI tools and I feel very slow in responding. I know it is possible to connect with ssh entering the below command in the terminal and then using the Mysql GUI tools.

ssh -L 3307:127.0.0.1:3306 mysql-server-ip

But this is not easy for everybody to run the above command in the terminal and then using the gui tools.

The above ssh command is also good and I felt as if I'm working on local databases but it would be best and easy for everybody if it had an option to specify that ssh command in the mysql gui tools itself.

Moreover I'm thinking to remove ip based restrictions as I'm using iptables rules only to allow mysql and other ports for the specific IPs on cloud server.

Is there any best and easy way of connecting to mysql like using certificate along with mysql gui tools?.

Finally what I'm expecting is, with Mysql GUI tools(Administrator & Query Browser):

I want to easily connect to mysql with some certificate/key
I want to remove ip based restriction so that whoever having key/certificate could connect to mysql

Anybody has any idea?. Thank you!

2 Answers

Voted

user53864 · Answer 1 · 2011-06-09T18:15:32+08:00

Best Answer

user53864

2011-06-09T18:15:32+08:002011-06-09T18:15:32+08:00

Simply I could do this with the help of SSH and MySQL Workbench. The Workbench downloads are available for variety of ubuntu versions in this link. To avoid ip based restrictions, should open ssh port for everyone and disable the ssh password login and instead use ssh-key logins. Only those who are allowed in the firewall can connect to the mysql but having the ssh private key can connect to mysql with the help of MySQL Workbench irrespective of the location, firewall rules, ip addresses and so on via ssh.

Take a look at these links:

http://dev.mysql.com/doc/workbench/en/wb-new-server-instance-wizard.html

http://dev.mysql.com/doc/workbench/en/wb-manage-server-instance-dialog.html

Below are some screenshots showing options to connect to mysql with Workbench: configure workbench

create server instance

overview of workbench home

To avoid ip based restriction with MySQL Query Brower & Aministrator, I don't know other than ssh port forwarding.

I didn't try your answer, I'll try it one day. It takes me more time to understand. Thank you!

2

Lmwangi · Answer 2 · 2011-05-29T23:49:49+08:00

I had the same problem recently. I couldn't find support for SSL in the MySQLgui tools. I also failed to find a MySQL proxy with SSL support that I could install in my network in the folowing way i.e.

Me/Anyone else in my net---------->MySQL Proxy host in my network------->MySQL over TLS-------->MySQL remote endpoint.

My eventual solution was to use stunnel and have:

Me/Anyone else in my net----------->Stunnel host in my net:3306-------->MYSQL in a TLS tunnel----->Stunnel in remote net:3307----->MySQL remote endpoint

The remote stunnel end could also be the mysql server. You can use different ports to fanout to different remote MySQL servers.

Update: This is what I have working for me:

Client end

local-stunnel# cat /etc/stunnel/stunnel.conf |grep -v ';'


sslVersion = SSLv3

chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1



debug = 2
output = /var/log/stunnel4/stunnel.log

client = yes


[mysqlc]
accept  = 13306
connect = remote.example.net:3307

Remote/server end:

remote-stunnel# cat /etc/stunnel/stunnel.conf |grep -v ';'

cert = /etc/pki/tls/certs/stunnel.pem

chroot = /var/run/stunnel/
setuid = nobody
setgid = nobody
pid = /stunnel.pid

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1



debug = 3
output = /var/log/stunnel/stunnel.log



[mysqls]
accept  = 3307
connect = 3306

A certificate and key should be generated and con'cat'ed to a file (stunnel.pem). Mine looks like this

# cat /etc/pki/tls/certs/stunnel.pem 
-----BEGIN RSA PRIVATE KEY-----
MII.....
....
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
MIID....
....
-----END CERTIFICATE-----

So my tunnel looks like:

ME------Plaintext MySQL----->local-stunnel:13306-----TLS--->remote-stunnel:3307---Plaintext MySQL--->127.0.0.1:3306

Of course you can change the connect = 3306 on the remote end point to otherhost:3306

Ubuntu MySQL GUI logins with certificate/key

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?