You set up the following remote port forwardings: The processes that set up these forwardings are: Ssh 10086 user 9u IPv4 1924964 0t0 TCP localhost:2380 (LISTEN) Concept Tunnel-ssh v5 is designed to be very extendable and does not provide as much sematic sugar as prio versions. You set up the following local port forwardings:ĬOMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME Ps -f -p $(lsof -t -a -i -c '/^ssh$/' -u$USER -s TCP:ESTABLISHED) | awk ' Ps -f -p $(lsof -t -a -i4 -P -c '/^ssh$/' -u$USER -s TCP:LISTEN)Įcho "You set up the following remote port forwardings:" Lsof -a -i4 -P -c '/^ssh$/' -u$USER -s TCP:LISTENĮcho "The processes that set up these forwardings are:" # -u$USER limits to processes owned by $USERĮcho "You set up the following local port forwardings:" # -c /regex/ limits to commands matching the regex # -P inhibits the conversion of port numbers to port names # -a ands the selection criteria (default is or) The ssh-daemon listens on port 22 (last line), 2 subprocesses are spawned (first 2 lines, login of 'user'), a -R tunnel created on port 5000, and a -L tunnel which forwards a port from my (local) machine to localhost:80 (www). Sshd 15842 user 9u IPv4 148002889 TCP 127.0.0.1:33999->127.0.0.1:www (ESTABLISHED) Here are the configuration options Ive used : dstPort: remote database connection port. If you want to see the tunnels / connections made to a sshd: % sudo lsof -i -n | egrep '\' (that would be a -L 9090:localhost:80 tunnel) You may be able to run the ssh command in the node-red-daemon node, which should restart the connection if it gets dropped.If you only want to list tunnels created by ssh: % sudo lsof -i -n | egrep '\' This is practical when you want to reach a database which is only accessible through a webserver. You will probably also want to set up public/private key authentication for the ssh connection. Sets up a MySQL connection inside an SSH tunnel. a bit more info: i'm connecting to an aws rds instance through a bastion jump box. Sequel Pro: I can also log into the database using Sequel Pro. UPDATE: aha i've managed to get this working using the command line ssh client. Since the connection will look like it's coming from localhost on the MySQL machine you need make sure the Username/Password is locked down to a that host. CLI Success: I can 1) ssh into digitalocean server 2) login into mysql from the server and 3) access all database information as the root user. Then configure the Node-RED MySQL node to point to localhost. If you want to use a SSH tunnel then this will normally be done outside Node-RED with the ssh command line e.g. (See this question for details How to grant remote access to MySQL for a whole subnet?). This could be a wifi network or the subnet associated to the piblic IP (it needs to be the public range as nearly all cellular ISPs use CGNAT) range of the cellular provider you may be using. To reduce the risk you can restrict the Username/Password to a specific subnet. Set the host to '%' to allow all hosts when setting up the grant options). OK, so as I said in the comments you can make a Username/Password pair for MySQL can be granted permission to any IP address (which is less secure if the username/password is compromised.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |