| | 1 | == Host == |
| | 2 | |
| | 3 | The database is hosted at '''ihp-pc45.ethz.ch''' |
| | 4 | == User == |
| | 5 | |
| | 6 | First, you need a user. For the moment, a user 'fact' is available with the standard password. The user 'fact' is allowed to connect from everywhere if an encrypted connection is used. Usually, all reasonably recent mysql clients are using encrypted connections. So in most cases, a simple should be enough |
| | 7 | |
| | 8 | {{{> mysql -h ihp-pc45.ethz.ch -u fact -p}}} |
| | 9 | |
| | 10 | To enforce encryption, --ssl (oder clients) or --ssl-mode=REQUIRED can be used. If you have problems with the connection, you can also try --protocol=TCP. |
| | 11 | |
| | 12 | Note that the mysql client libraries at ISDC are too old and do not allow for encrypted connections. Thus no connection from ISDC is possible without tunnel. How to tunnel your connection is explained in the following. Note that it requires an account on ihp-pc45 (which I think should not be generally available). Thus this is mainly meant as a solution for automatic processes running at ISDC, for example, to update the database. |
| | 13 | |
| | 14 | == Forward Tunnel == |
| | 15 | |
| | 16 | If you are logged in at ISDC as 'user' and you have an account 'ethz' at ihp-pc45, you can use a tunnel. To setup a tunnel use |
| | 17 | |
| | 18 | {{{ISDC> ssh -x -C -n -N -q -L 10000:localhost:3306 ethz@ihp-pc45.ethz.ch}}} |
| | 19 | |
| | 20 | Note that after log-in this process seems to stall (nothing happens anymore). This is correct. The tunnel is open. It will forward the local port 10000 from the ISDC machine to the port 3306 on a machine which is accessible as 'locahost' from ihp-pc45. |
| | 21 | |
| | 22 | The mysql call would now look like |
| | 23 | |
| | 24 | {{{> mysql -h 127.0.0.1 -P 10000 -u fact -p}}} |
| | 25 | |
| | 26 | Note that you need to use the IP address instead of localhost, otherwise the mysql client tries to use a socket connection (which will fail). You could also use --protocol=TCP. |
| | 27 | |
| | 28 | As the mysql connection now comes via the loopback interface and not via the external IP, the connection of the mysql client is allowed to be unencrypted. |
| | 29 | |
| | 30 | == backward Tunnel == |
| | 31 | |
| | 32 | Assume that you are already logged into ihp-pc45.ethz.ch and want to execute a mysql at ISDC accessing ihp-pc45, a backward tunnel can be used: |
| | 33 | |
| | 34 | {{{ihp-pc45> ssh -x -C -n -N -q -R 10000:localhost:3306 user@isdc-nx.isdc.unige.ch}}} |
| | 35 | |
| | 36 | This command will log you into isdc-nx and (in parallel) create a tunnel from port 10000 at isdc-nx to port 3306 of a machine which is called 'localhost' from where you started the ssh connection (ihp-pc45). |
| | 37 | |
| | 38 | You can now do |
| | 39 | |
| | 40 | {{{ISDC> mysql -h localhost -P 10000 -u fact -p}}} |
| | 41 | |
| | 42 | Note that you need to use the IP address instead of localhost, otherwise the mysql client tries to use a socket connection (which will fail). You could also use --protocol=TCP. |
| | 43 | |
| | 44 | As the mysql connection now comes via the loopback interface and not via the external IP, the connection of the mysql client is allowed to be unencrypted. |
