Security | March 18, 2006 | 2 min read

OpenSSH Tunneling: Securing Database Connections Over Public Networks (2006)

Aunimeda

It’s 2006, and "Cyber Security" is no longer just a buzzword. With the rise of automated bots scanning the internet for port 3306 (MySQL) or 5432 (PostgreSQL), leaving your database port open to the world is an invitation for a data breach. But you still need to manage your production data from your local machine. The solution? SSH Tunneling (Local Port Forwarding).

The Concept

SSH Tunneling allows you to create an encrypted "tunnel" between your local machine and your server. You connect to a local port, and the SSH client forwards that traffic through the encrypted connection to the remote server, which then passes it to the database.

Creating a Local Tunnel

If your database is listening on 127.0.0.1 on your remote server, you can map it to a port on your local machine using the -L flag.

# On your local machine:
ssh -L 3307:localhost:3306 user@your-remote-server.com

This command says: "Listen on my local port 3307. Any traffic sent there should be tunneled to the remote server and then forwarded to localhost:3306 from the perspective of that server."

Now, you can connect your database GUI (like HeidiSQL or Navicat) to:

  • Host: 127.0.0.1
  • Port: 3307

Running in the Background

If you don't want to keep a terminal window open, you can use the -f (background) and -N (don't execute remote command) flags.

ssh -f -N -L 3307:localhost:3306 user@your-remote-server.com

Why This is Better Than a VPN

In 2006, setting up a full VPN like OpenVPN is a significant undertaking. SSH is almost certainly already installed and configured on your Linux server. It uses the same credentials you use for shell access, and it's extremely efficient.

Hardening SSH

Since SSH is now your gateway to the database, you must secure it:

  1. Disable Password Auth: Use SSH keys instead.
  2. Change the Port: Move SSH from 22 to something obscure to reduce log spam from bots.
  3. Use AllowUsers: Limit who can even attempt to connect.
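
The three steps above can be checked mechanically. The following is an added example, not code from the original article: a shell function that audits the global section of an sshd_config file for each step. The port 2222 and the user "deploy" in the sample configs are constructed, and "Keyword value" lines are assumed to be whitespace-separated.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for the three
# hardening steps. Assumes whitespace-separated "Keyword value" lines.
# sshd keywords are case-insensitive; for PasswordAuthentication the first
# value wins, while Port and AllowUsers lines may repeat and accumulate.
audit_sshd_config() {
    awk '
        { sub(/#.*/, ""); kw = tolower($1) }        # drop comments
        kw == "match" { exit }                      # global section only
        kw == "passwordauthentication" && pw == "" { pw = tolower($2) }
        kw == "port"       { ports = ports " " $2 }
        kw == "allowusers" { allow = 1 }
        END {
            if (pw == "")    pw = "yes"             # sshd default
            if (ports == "") ports = " 22"          # sshd default
            if (pw != "no") {
                print "FAIL password-auth: PasswordAuthentication is " pw; bad++
            }
            if ((ports " ") ~ / 22 /) {
                print "WARN port: sshd listens on 22"; bad++
            }
            if (!allow) {
                print "FAIL allow-users: no AllowUsers line"; bad++
            }
            if (!bad) print "OK"
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample configs (port 2222 and user "deploy" are made up).
weak=$(mktemp); hard=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'Port 22' > "$weak"
printf '%s\n' 'Port 2222' 'passwordauthentication no' \
    'PasswordAuthentication yes' 'AllowUsers deploy' > "$hard"
echo "weak:";     audit_sshd_config "$weak" || true
echo "hardened:"; audit_sshd_config "$hard" || true
rm -f "$weak" "$hard"
```

The function exits non-zero when any check fails, so it can gate a provisioning script. It stops at the first Match line and does not evaluate per-user or per-host overrides.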

SSH is the "Swiss Army Knife" of networking. Mastering tunneling is an essential skill for any developer or admin operating in the increasingly hostile landscape of 2006.
