Posted by: jasonk2600 | December 3, 2009

Quickie HowTo: Encrypted Tunnels with OpenSSH

Encrypting network traffic that would otherwise be unencrypted is straight forward and simple with OpenSSH. In the example below, MySQL traffic will be encapsulated inside encrypted packets to protect the data. The tunnel will listen on the loopback interface on the client machine and connect to the server using encryption. You can change the settings to fit your own needs. The first option 3306 is the port on the client, the second options is the IP address of the server and the port number of the service that is to be encrypted, finally, username@ is the user that the tunnel will be setup under on the server.

# ssh -2 -N -f -L 3306: \
username@'s password: *************

To connect to the MySQL server with the newly activated tunnel, connect to the loopback device (

# mysql -u username -p -h
Password: *******

That’s all there is to it. The tunnel will remain active until the client machine has been rebooted. Persistent tunnels using PKI instead of passwords can be achieved, but are a little more complicated to setup. Read the Persistent SSH Tunnels HowTo.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: