Monthly Archives: June 2008

Ssh SOCKS proxying, DNS proxying, Tunnelling

12-Jun-2008 Posted by Sonia Hamilton under , , , , , , ,
No Comments

Mary Gardiner answered one of Voytek Eymont’s questions on the SLUG list by referring to the ssh socks proxying post on Ubuntu Blog. I was already familiar with ssh socks proxying, but that page has a good set of comments and links. A summary of that post, plus some other notes:

  • setup via $ssh -D 9999 username@ip-address-of-ssh-server, configure web browser socks 5 host (not http proxy) to localhost:9999 (On Firefox: Preferences, Advanced, Network, Settings, Manual, SOCKS Host. FoxyProxy really helps with this – you can setup wildcards to send certain URLs via certain proxies eg for when connecting via a VPN to work)
  • http proxying can be setup at the command line (for use by wget, apt, etc) with the http_proxy environment variable. For example export http_proxy=’http://user:password@1.2.3.4:3128/’; cmd1; cmd2; export http_proxy=”
  • configure apt to use a proxy via /etc/apt/apt.conf by using Acquire::http::Proxy “http://username:password@proxyserver:port/”; See Using apt-get behind a proxy.
  • there’s also corkscrew (preferred), connect.c, and proxychains to secure other traffic or setup tunnels automagically in ~/.ssh/config. For example:
% sudo aptitude install corkscrew

% cat ~/.ssh/config
Host foo.bar.com
    User me
    Port 443
    ProxyCommand corkscrew 1.2.3.4 8080 %h %p ~/.ssh/proxyauth

% cat ~/.ssh/proxyauth
username:password

Jan/2011:

export http_proxy='http://219.93.2.113:3128/'

mysql, localhost, and ssh work-around

05-Jun-2008 Posted by Sonia Hamilton under ,
2 Comments

I use ssh to tunnel all the time, especially to get around brain-dead firewalls. But this doesn’t work easily for mysql – if you tunnel a port from localhost (eg localhost:3306) to the target db, mysql client tools will see ‘localhost’ and try to connect via the local socket. Very broken – there’s bugs lodged here and here about this (and lots of chest beating and wailing, too).

Solution: tunnel ssh via an intermediate machine. For example:

intermediate$ ssh -o GatewayPorts=yes -L 3306:targetdb:3306 targetdb
localhost$ mysql -h intermediate -P 3306

GatewayPorts – dangerous yes – but so is life…

Update

The problem seems to have been fixed; either that or I was having a very blond moment last time I tried using - – protocol.

localhost$ mysql --version
localhost$ mysql  Ver 14.12 Distrib 5.0.51a, for debian-linux-gnu (i486) using readline 5.2
localhost$ ssh -fN -L3306:targetdb:3306 targetdb
localhost$ mysql --protocol=tcp -hlocalhost -uroot
Welcome to the MySQL monitor.  Commands end with ; or g.
Your MySQL connection id is 14788104
Server version: 4.0.21-Max-log
Type 'help;' or 'h' for help. Type 'c' to clear the buffer.
mysql>

Update 2

However graphical tools like OpenOffice Base, GMySqlCC and MySQL Query Browser either don’t obey the – - protocol=tcp flag or don’t have a place to set it, and therefore try to connect via the local socket file when connecting to localhost. Aarghhhhh….

Update 3

Using 127.0.0.1 instead of localhost works for OpenOffice – yay.

Connect to mysql from OpenOffice using ODBC

05-Jun-2008 Posted by Sonia Hamilton under
No Comments

There’s an article here that explains how to connect to a mysql database from OpenOffice.org Base using odbc, but the author makes it sound like rocket science. It’s easy – summary:

  • sudo aptitude install unixodbc libmyodbc unixodbc-bin
  • sudo ODBCConfig
    • driver is /usr/lib/odbc/libmyodbc.so
    • setup is /usr/lib/odbc/libodbcmyS.so
  • run the wizard, connect using the saved odbc configuration