SSH: Difference between revisions

Line 96:

<code>ssh -o IdentitiesOnly=true -i /home/me/.ssh/my_private_key me@example.com</code> will now work

== Tunnel ==

You have a headless server running your development or production database(s). You work on a nice workstation or laptop. You want to use a graphical database administration tool like MySQL Workbench on the remote server.

# send local MySQL traffic on 33306 to the remote side standard port 3306

# this allows me to open a desktop client locally on the extended port

# and talk to the server like it was local through an encrypted SSH tunnel

# eqivalent to ssh -L 127.0.0.1:33306:127.0.0.1:3306 greg@freephile

# By putting this stanza in .ssh/config I can just "ssh eqt"

Host do eqt et freephile freephile.org

HostName freephile.org

LocalForward 33306 localhost:3306

User greg

IdentityFile ~/.ssh/id_rsa

</source>

=== Debugging ===

To find out what is connected and/or listening on a given port, you can use <code>lsof</code> with the <code>-i</code> option for '''Internet files'''

e.g.

# mysql

sudo lsof -i :3306

# postgres

sudo lsof -i :5432

# mail

sudo lsof -i :smtp

# how much is chrome doing (don't necessarily need sudo)

lsof -c chrome

</source>

== Reverse Tunnel ==

Maybe you've got a production database server that wasn't setup properly for security, and only allows "local" database connections. You need to access your production data from places other than your datacenter. You could fix it - but that would take a lot of effort that the boss doesn't care about. SSH to the rescue!

@@ Line 96: / Line 96: @@
 <code>ssh -o IdentitiesOnly=true -i /home/me/.ssh/my_private_key me@example.com</code> will now work
+== Tunnel ==
+You have a headless server running your development or production database(s).  You work on a nice workstation or laptop.  You want to use a graphical database administration tool like MySQL Workbench on the remote server.
+<source lang="text">
+  # send local MySQL traffic on 33306 to the remote side standard port 3306
+  # this allows me to open a desktop client locally on the extended port
+  # and talk to the server like it was local through an encrypted SSH tunnel
+  # eqivalent to ssh -L 127.0.0.1:33306:127.0.0.1:3306 greg@freephile
+  # By putting this stanza in .ssh/config I can just "ssh eqt"
+Host do eqt et freephile freephile.org
+  HostName freephile.org
+  LocalForward 33306 localhost:3306
+  User greg
+  IdentityFile  ~/.ssh/id_rsa
+</source>
+=== Debugging ===
+To find out what is connected and/or listening on a given port, you can use <code>lsof</code> with the <code>-i</code> option for '''Internet files'''
+e.g.
+<source lang="bash">
+# mysql
+sudo lsof -i :3306
+# postgres
+sudo lsof -i :5432
+# mail
+sudo lsof -i :smtp
+# how much is chrome doing (don't necessarily need sudo)
+lsof -c chrome
+</source>
 == Reverse Tunnel ==
 Maybe you've got a production database server that wasn't setup properly for security, and only allows "local" database connections.  You need to access your production data from places other than your datacenter.  You could fix it - but that would take a lot of effort that the boss doesn't care about.  SSH to the rescue!