通过SSH隧道的MySQL连接

Question

I tried to connect on remote server with a ssh tunnel in order to access to a database.

To summarize the situation:

1- When I launch the OS, Mysql service is starting. I can access to local database. I also can connect to the remote server with the command: ssh -i /Path_To_Key user@IP_Server Once connected, the prompt change and I can connect and browse the database on the server. Everything is working fine!!

2- So I want to create a SSH tunnel to access to the remote database from the local port 3306

I'm doing the following steps:

• Stop Mysql service sudo service mysql stop
• Create the tunnel on the port 3306 ssh -i /Path_To_Key -L 3306:127.0.0.1:3306 user@IP_Server -f -N
• Start Mysql service sudo service mysql start

When I try to start Mysql, I have the error message:

Job for mysql.service failed because the control process exited with error code. See "systemctl status mysql.service" and "journalctl -xe" for details."

Here are the results of the command

systemctl status mysql.service

mysql.service - MySQL Community Server
Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
Active: activating (start-post) (Result: exit-code) since mer. 2018-04-25 21:50:15 CEST; 5s ago
Process: 3771 ExecStart=/usr/sbin/mysqld (code=exited, status=1/FAILURE)
Process: 3764 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
Main PID: 3771 (code=exited, status=1/FAILURE);         : 3772 (mysql-systemd-s)
   CGroup: /system.slice/mysql.service
           control
             3772 /bin/bash /usr/share/mysql/mysql-systemd-start post
             3810 sleep 1

journalctl -xe

Subject: L'unité (unit) mysql.service a commencé à démarrer
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- L'unité (unit) mysql.service a commencé à démarrer.
avril 25 21:54:49 Aspire-A515 audit[4686]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/4686/status" pid=4686 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=121 ouid=121
avril 25 21:54:49 Aspire-A515 audit[4686]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=4686 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=121 ouid=0
avril 25 21:54:49 Aspire-A515 audit[4686]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/4686/status" pid=4686 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=121 ouid=121
avril 25 21:54:49 Aspire-A515 kernel: audit: type=1400 audit(1524686089.710:65): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/4686/status" pid=4686 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=121 ouid=121
avril 25 21:54:49 Aspire-A515 kernel: audit: type=1400 audit(1524686089.710:66): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=4686 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=121 ouid=0
avril 25 21:54:49 Aspire-A515 kernel: audit: type=1400 audit(1524686089.710:67): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/4686/status" pid=4686 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=121 ouid=121

Do you understand what is the problem?

Answer 1

Are you starting the SSH Connection on the box where MySQL is running?

If yes, you are blocking the port 3306, so MySQL can't start anymore.

In this case your SSH command should be with -R and not with -L:

ssh -i /Path_To_Key -R 3306:127.0.0.1:3306 user@IP_Server -f -N

If my guess is not right, please clarify on which system you make the commands and from where you want to connect to the MySQL-Database through the ssh tunnel.