Bureaucrats, confirmed, Administrators
4,558
edits
Changes
adds tunnel and debugging
<code>ssh -o IdentitiesOnly=true -i /home/me/.ssh/my_private_key me@example.com</code> will now work
== Tunnel ==
You have a headless server running your development or production database(s). You work on a nice workstation or laptop. You want to use a graphical database administration tool like MySQL Workbench on the remote server.
<source lang="text">
# send local MySQL traffic on 33306 to the remote side standard port 3306
# this allows me to open a desktop client locally on the extended port
# and talk to the server like it was local through an encrypted SSH tunnel
# eqivalent to ssh -L 127.0.0.1:33306:127.0.0.1:3306 greg@freephile
# By putting this stanza in .ssh/config I can just "ssh eqt"
Host do eqt et freephile freephile.org
HostName freephile.org
LocalForward 33306 localhost:3306
User greg
IdentityFile ~/.ssh/id_rsa
</source>
=== Debugging ===
To find out what is connected and/or listening on a given port, you can use <code>lsof</code> with the <code>-i</code> option for '''Internet files'''
e.g.
<source lang="bash">
# mysql
sudo lsof -i :3306
# postgres
sudo lsof -i :5432
# mail
sudo lsof -i :smtp
# how much is chrome doing (don't necessarily need sudo)
lsof -c chrome
</source>
== Reverse Tunnel ==
Maybe you've got a production database server that wasn't setup properly for security, and only allows "local" database connections. You need to access your production data from places other than your datacenter. You could fix it - but that would take a lot of effort that the boss doesn't care about. SSH to the rescue!