SSH Port Forwarding and “channel 3: open failed: connect failed: Connection refused”
In relation to a tutorial I previously made on how to connect to a remote MySQL server by forwarding a port with SSH, I found out that some distributions, like Debian sarge, were not using a default configuration that allows you to do that by default.
People who get an error like:
ERROR 2013 (HY000): Lost connection to MySQL server during query
or
channel 3: open failed: connect failed: Connection refused
might find an answer to their problem.
By default and for security reasons, Linux distributions do not make the mysqld server accessible from the outside. There are actually 2 ways to achieve this:
- binding the service to the address 127.0.0.1; this is the default on Ubuntu
- skipping networking; in that case only local (non-TCP/IP) connections are allowed, and on Unix connections are made through a Unix socket. This is the default on Debian sarge
In the first solution, you need to add in the [mysqld] section of /etc/mysql/my.cnf
the directive:
bind-address = 127.0.0.1
The second solution uses:
skip-networking
instead.
While you can connect to a localhost server that skips networking, just as you could with a server that only listens on the 127.0.0.1 address, using:
mysql -u root -p -h localhost
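you cannot connect to it using an SSH tunnel with port forwarding. The far end of the tunnel makes a TCP connection to the MySQL port, and with skip-networking nothing is listening there,
so you will get an error like: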
channel 3: open failed: connect failed: Connection refused
on the remote host
and:
ERROR 2013 (HY000): Lost connection to MySQL server during query
on the client host.
So in order to be able to connect to a remote MySQL server which is only accessible from localhost, comment out the directive:
skip-networking
and replace it with:
bind-address = 127.0.0.1
This will not make your server less secure (as the service won’t be accessible from the outside), and you will be able to access your database server remotely with tools like mysql-query-browser and mysql-administrator using an SSH tunnel.
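One way to check which of the two configurations a server uses before setting up the tunnel, as an added example that is not part of the original post. The function name classify_mysqld, its result labels and the sample my.cnf contents are made up for illustration.

```shell
#!/bin/sh
# Added example: report how mysqld is reachable according to the [mysqld]
# section of a my.cnf-style file.
#   socket-only  -> skip-networking is active; an SSH port forward is refused
#   loopback     -> bound to localhost; an SSH port forward works
#   non-loopback -> no loopback restriction found in this file
classify_mysqld() {
    awk '
        /^[ \t]*[#;]/ { next }                 # whole-line comments
        /^[ \t]*\[/ {                          # section header
            insec = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/)
            next
        }
        !insec { next }                        # only look inside [mysqld]
        {
            line = $0
            sub(/[ \t]*#.*$/, "", line)        # strip trailing comment
            gsub(/[ \t]/, "", line)            # drop whitespace
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line)
            val = (n ? substr(line, n + 1) : "")
            gsub(/_/, "-", key)                # skip_networking == skip-networking
            if (key == "skip-networking" && val != "0") skip = 1
            if (key == "bind-address") bind = val
        }
        END {
            if (skip) print "socket-only"
            else if (bind == "127.0.0.1" || bind == "localhost" || bind == "::1")
                print "loopback"
            else print "non-loopback"
        }
    ' "$1"
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sarge.cnf" <<'EOF'
[client]
port = 3306
[mysqld]
skip-networking
EOF
cat > "$tmp/fixed.cnf" <<'EOF'
[mysqld]
#skip-networking
bind-address = 127.0.0.1
EOF
for f in "$tmp"/*.cnf; do
    printf '%s: %s\n' "${f##*/}" "$(classify_mysqld "$f")"
done
```

Run the function against /etc/mysql/my.cnf on the server: socket-only is the case that gives the "Connection refused" error through the tunnel.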
Hope this helped.