Black Lives Matter. Please consider donating to Black Girls Code today.

Connecting to MySQL Through SSH Tunnel

Note: There’s a thread on this topic here, but creating a new one for visibility.

I’m trying to connect to a remote MySQL database from the Falcon client via an SSH tunnel. Is this possible?

Per this Github issue, I opened an SSH tunnel through the command line and then entered my database credentials in Falcon, but I kept getting 400 errors (separately, I confirmed that all of the credentials were correct).

The Falcon-MySQL setup page (sorry, the forum won’t let me add a third link) doesn’t mention SSH and I haven’t seen any other documentation on this. Does anyone have any tips? Does Falcon support SSH?

1 Like

I guess this is an issue with the setup of the SSH tunnel. How did you setup the SSH tunnel?

For example (admittedly unrealistic), the following command sets up an SSH tunnel in the localhost that forwards port 33333 to our MySql test server:

ssh -L 33333:readonly-test-mysql.cwwxgcilxwxw.us-west-2.rds.amazonaws.com:3306 127.0.0.1

This makes it accessible from Falcon with the following credentials:

username: masteruser
password: connecttoplotly
host: 127.0.0.1
port: 33333
database: plotly_datasets

I’m connecting to the SSH tunnel via

ssh mysshusername@mysshhostaddress

My MySQL database uses the standard port (3306). After I open the SSH tunnel, I’m able to connect to the database on the command line via

mysql -h mymysqlhost -u mymysqlusername -p
(and then my password)

My SSH tunnel uses the standard port 22. Maybe this is a port forwarding issue? (Though I’m not sure what I should be specifying since I’m only using the defaults?)

I’m afraid this is a misunderstanding. An SSH server and an SSH tunnel are two different things.

The standard port for an SSH server is 22.

The command ssh mysshusername@mysshhostaddress opens a terminal by connecting to the SSH server on port 22, but it doesn’t create an SSH tunnel (a.k.a SSH port-forwarding).

Assuming your setup is as follows:

my.computer (where Falcon is running)
my.ssh.server (where you connect through SSH and where you can access my.mysql.server)
my.mysql.server (where MySql is running; only accessible from my.ssh.server)

The command to setup an SSH tunnel that goes from my.computer:3306 to my.mysql.server:3306 via my.ssh.server is:

ssh -L 127.0.0.1:3306:my.mysql.server:3306 my.ssh.username@my.ssh.server

Once you’ve setup the SSH tunnel, Falcon can access the MySql server through the tunnel with the credentials:

username: my.mysql.username
password: my.mysql.password
host: 127.0.0.1
port: 3306
database: my.database

See the ssh’s manpage for more details.

1 Like

Thanks for the primer (still learning). I’ll have to speak with the database administrator, as it looks like port forwarding is disabled on the server. Falcon doesn’t support private key authentication, does it? (I’m thinking of something like what Sequel Pro offers (see the last question on the page) - https://sequelpro.com/docs/get-started/get-connected/remote)

Falcon doesn’t support private key authentication, does it?

Falcon doesn’t support the automatic setup of an SSH tunnel yet (the github issue you linked is a request for Falcon to do so, similarly to what is described in the Sequel Pro documentation you linked).

At the moment, Falcon can connect through an SSH tunnel, but users have to setup the SSH tunnel (and optionally the private key authorisation) themselves.