Like telnet, all communications between MySQL server and its client, including username and password, are transmitted in plain text. It allows everyone to sniff on your session and get your password and other valuable information.
The following method ensures a higher security level on the connection between MySQL server and its client. The communication between them is done on the SSH tunnel which is more secure because it uses encryption.
First thing first, make sure that the SSH server daemon is already installed in your MySQL server. You can check it by running:
ps ax | grep sshd
If you find a line containing /usr/sbin/sshd, it means the service is already installed and run. If not and you are using Ubuntu, run this command:
sudo apt-get openssh-server
Activate the service.
On the client that will connect to to MySQL server, run SSH client. For example: BitVise Tunnelier (Windows OS) can be downloaded here.
On the tab Login, insert:
- the name or the IP address of the MySQL server on the textbox Host
- username (must be registered in the server)
- choose Initial method on password
Configuring IP Forward
Open the tab C2S Fwding. Add one entry on the table, as follows:
a. Status : enabled
b. Listen Interface : 127.0.0.1
c. List. Port : 3306
d. Destination host : the name or IP address of the MySQL server
e. Dest. Port : 3306
Click the button Login. Enter the account info (username and password).
After successfully opening an SSH session, run the application (client)that will use MySQL service. Now the client computer opens the local port 3306 that will forward all communications to the MySQL server.
Direct the MySQL server address to localhost (127.0.0.1), not to the actual MySQL server.
If you use the mysql client program, run :
prompt> mysql –u root –p
Viewed on the server side, the user is accessing MySQL directly from the server with the account root@nama_server_MySQL. So use the password for local root.
