i copied this from
http://www.debuntu.org/port-forwarding-and-channel-3-open-failed-connect-failed-Connection-refusedneed to think about this....
Ssh Port Forwarding and "channel 3: open failed: connect failed: Connection refused"
ERROR 2013 (HY000): Lost connection to MySQL server during query
or
channel 3: open failed: connect failed: Connection refused
might find an answer to their problem.
By default and for security reasons, Linux distribution don't let mysqld server accessible from the outside. There is actually 2 ways to achieve this:
- binding the service to address 127.0.0.1, this is the default on ubuntu
- skipping networking, in that case, only local (non TCP/IP) connections will be allowed, on Unix, connections will be made through a Unix socket. This is the default on debian sarge
In the first solution, you need to add in the [mysqld] section of /etc/mysql/my.cnf the directive:
bind-address = 127.0.0.1
the second solution use:
skip-networking
instead.
While you can connect on a localhost server which skip networking like you could with a server which only listen on 127.0.0.1 address using:
$mysql -u root -p -h localhost
you can not connect to it using an ssh tunnel with port forwarding.
as you will get an error like:
channel 3: open failed: connect failed: Connection refused
on the remote host
and:
ERROR 2013 (HY000): Lost connection to MySQL server during query
on the client host.
So in order to be able to connect to a remote mysql server which is only accessible from localhost, comment the directive:
skip-netwoking
and replace it with
bind-address = 127.0.0.1
This will not make your server less secure (as the service won't be accessible from the outside) and you will be able to access your database server remotely with tools like mysql-query-browser, mysql-administrator using a ssh tunnel.
Hope this helped.
***********************************************previous thing was
This time, we are going a bit further and will see howto connect to a remote server running ssh in order to be able to access a sql server on the remote LAN.
This system allow to hide the SQL server from the outside. Please, keep in mind that in this example, we are connecting to a MySQL server, but it could be any service running there.
Let's put it on the table. Imagine that we have got a web server which is put under high load, a clever way to soften the effect of the load and in the same way protect our SQL datas from the outside will be to have the HTTP server available to the outside (so it can serve the web pages), and hide our MySQL server from the outside.
This will look like this:
We saw last time, that in order to securely connect to a remote MySQL server running both mysql and ssh, we had to create a tunnel between our desktop and the server where we had to forward port 3307 on our desktop to port 3306 running locally on the remote server by giving the following intruction to ~/.ssh/config:
Localforward 3307 localhost:3306
This time, we want to forward port 3307 on our desktop to port 3306 on the MySQL server (let says it as 192.168.0.3 as IP adress). The only change we have to make to the previous configuration is to change the Localforward instruction by:
Localforward 3307 192.168.0.3:3306
And simply use the same mysqlcc configuration as the one given in the How To Connect to a remote mysql server using mysqlcc and ssh tunneling Tutorial. It is as simple as that :). Here is an overview of the final configuration we have deployed:
.
People which do not want to use ~/.ssh/config might use the following command:
tester@laptop:~$ssh -L 3307:192.168.0.3:3306 myuser@remotesshserver.com
Now, you can play around with port forwarding, later on, I will show you how to go even further and just do some useless be geeky thing.
cheerio
