Scenario: You're at home, and you want to connect to a mysql server on the other side of a firewall. There is a machine with ssh open on it that you can use as a gateway.
- On your home machine:
ssh -L 3307:domain.name.of.mysqlserver:3306 firstname.lastname@example.org
See the Unix man pages for ssh here.
This will open a tunnel, listening on localhost:3307 and forwarding everything to mysqlserver:3306, and doing it all via the ssh service on the gateway machine.
This example shows us specifying port 3307 on the local end of the tunnel; I did this because I run a MySQL server on my home machine, so I can't re-use the default MySQL port.
You'll now have a terminal open on the gateway machine, but you don't need it for this procedure, so set it aside.
- Now, on your local machine, execute a mysql connection like so:
mysql -u username -p -h 127.0.0.1 -P 3307 databasenameIn other words, mysql thinks it's connecting to localhost, but on a different port. In fact, the connection is being made securely to the remote mysql server, via the gateway machine and the local "mouth" of the ssh tunnel on your own machine.
See the Unix man pages for mysql here.
- When you're finished with your mysql session, log out of the session on the gateway machine. That will properly close the tunnel.