Access Your Database Remotely Through an SSH Tunnel

access your database remotely through an ssh tunnel

Secure Shell or SSH is a client-server-based communication protocol that is used to connect securely from one machine to another. It uses a network port to create a connection session between the server that listens on the chosen port and the client which sends the SSH connection request on that port.

With this protocol, we can manage our servers and work on them remotely. For example, we can add/edit/delete the services running on the server using an SSH client like PuTTY or Terminal.

SSH tunneling is also known as SSH port forwarding, which means we can route our traffic through SSH secure connection. It allows us to use the established SSH connection to set up a new “secure” connection from your computer to the remote server. There are three types of SSH port forwarding.

  • Local Port Forwarding
  • Remote Port Forwarding
  • Dynamic Port Forwarding

By default, MySQL or PostgreSQL server only listens on localhost which means it can only be accessed by other applications hosted on the same server. To connect remotely to the server, we need to make MySQL or PostgreSQL listen not only on localhost, we would also need to add or edit the database user’s permission to be able to connect remotely, modify the firewall, etc. For some people, this would take time and they would use SSH tunneling instead.

In this tutorial, we will show you how to connect to a MySQL server through SSH tunneling, or local port forwarding.

Prerequisites:

SSH Client
SSH login credentials
MySQL client

Create SSH Tunnel and Connect to the Database Server from Windows

To connect to your server where the MySQL server is hosted, you will need an SSH client. If you use Windows as your computer’s operating system, you can use a free software called PuTTY to connect to your server. You can download PuTTY from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Once downloaded, run the application and enter the following information:

Host Name (or IP address) – enter your server hostname or its IP address.
Port – enter the listening port of your server’s SSH daemon
Connection type – SSH

how to access your database remotely through an ssh tunnel

On the left side navigation tree in PuTTY, click on Connection > SSH > Tunnels. Enter the database server (MySQL, PostgreSQL, etc) port under the “Source port”. Then in the destination box type “127.0.0.1:3306” and finally click on Add.

access database remotely through an ssh tunnel

Now, click on the Session in the Category navigation tree, type “tunnel” in the “Saved Session” box then click on Save button.

how to gain access to your database remotely through an ssh tunnel

In the future, you do not need to create a new session for tunneling, you can simply load the saved session. Now, we can click on the Load button and you will be asked for your SSH login credentials.

gain access to database remotely through an ssh tunnel

In this tutorial, we are going to use MySQL shell to access the remote MySQL server through SSH tunneling. Once the SSH session is connected, you can open your Windows command prompt and go to your MySQL shell directory and run the following command as if you are accessing from the same server.

mysqlsh -u sshtunnel -p -h localhost
get access to database remotely through an ssh tunnel

As seen in the picture, we are using MySQL user ‘sshtunnel’, make sure you change this to your MySQL username. Once connected, you will see “MySQL localhost:3306 ssl JS“, to switch to MySQL mode just type \sql and hit enter.

Now, you are in MySQL mode and you should be able to run MySQL shell commands.

Create SSH Tunnel and Connect to the Database Server from Linux and MacOS


If you are using a Linux distro or MacOS, you do not need to download an SSH client because it’s already available on your system.

To connect to your MySQL server through SSH, you can use Terminal. Run Terminal and connect to your server by invoking this command:

ssh -fNg -L 3306:127.0.0.1:3306 sshtunnel@123.123.123.123 -p7022
how to get access to database remotely through an ssh tunnel

With this command, we are going to log in to 123.123.123.123 (replace this with your server’s actual IP address) with sshtunnel as the SSH username through port 7022 (replace this with your SSH listening port), you will be asked for “sshtunnel” password then once entered the command will go into the background (-f) and not execute remote commands (-N), and set up port-forwarding (-L local_port:localhost:remote_port). In this example, we will use 3306 both as a local port and a remote port. If you already have a MySQL server running on your machine, you can use another port.

Once connected, you should be able to connect to a remote database locally, just like accessing a local database.

From Linux machine

mysql -h 127.0.0.1 -P 3306 -u dbuser -p db

From MacOS

mysqlsh -h 127.0.0.1 -P 3306 -u dbuser -p 
easily access database remotely through an ssl tunnel

That’s all! You should be able to connect to your database server through an SSH tunnel. You can also use an application to access the remote MySQL server, like Navicat or MySQL Bench. To have this done within minutes, our team of professionals can help you, as long as you have managed database hosting with RoseHosting. They are available for support and assistance 24/7, all year long.

If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

Leave a Comment