MySQL Connections via 3rd party + SHH

apps

#1

Hello all!

So, I am loving my DH (DreamHost) server; the control panel is great, and the CS team on point (although I haven’t bothered them with this topic yet).

I have been developing a site locally which utilizes mySQL DB’s and am now trying to port it over to my DH server.

After several house of reading through the wiki and Googling I am feeling really lost and looking for a helping hand.


I would rather not have to use the “shell account” and need to enter command lines to edit my databases.

I am looking for a GUI (Graphical User Interface) based MySQL editor such as phpMyAdmin (which I have been using locally), but the DH Wiki says that connecting to phpMyAdmin directly will expose my user name and password. I am not a fan of that and am looking for more security.

It has been suggested that I use Putty to connect via SSH, but how do I go about setting that up, and would I be able to use a 3rd party GUI editor (I have been trying to connect, but failing to do so, with MySql Workbench)?

Any and all help is appreciated.

Thank you kindly,
–EthanG


#2

Maybe this will help?


#3

Thanks for the reply, Source, but this is all a little too jargony for me. I am a JS & AS developer (learning php as I go), and all this Putty talk and what not is above me at this point. I have read through that section of the Wiki several times, and it just hints towards the fact that you can get a secure connection through Putty/SHH. After looking for tutorials through Google, I came up short.

Have you been able to connect to any DB’s on your server using a proxy or 3rd party programs?


#4

maybe you should just download the 3rd party program called “putty” and follow the directions, it’s really very simple. So simple in fact that no one else races to make a better solution.


#5

I actually have putty installed because I work from home, and need it to access certain elements of my work’s servers, but our IT guy set all that up. I may have some directions floating around here on my work PC that allows me to set this up for their server, but could port it over to mine. I will look into that.

So, if I get an SHH going, which syncs with my server’s mysql subdomain, I should be able to use 3rd party programs without having to connect with that 3rd party program’s SHH settings? (Mainly MySQL Workbench)


#6

in putty, “sessions” are saved ( “connection profile” would be a more descriptive term to some users) so that when you open and click to your saved session for your domain all the necessary parameters are loaded in for that connection from that saved session. Basically all of the putty settings are saved in each of the profiles so that the user does not need to make any changes manually as they connect through to different servers on different networks.

In the putty section of the link posted above the instructions are having you set up and save a session for dreamhost with a tunnel created for database admin.

Following the steps and saving a new session will not overwrite any saved sessions your office IT has set up for you to use. You will see those sessions and the one you created in the saved session box when you open putty.[hr]

additionally after you have set that up the first time, to use the tunnel all you have to do is open putty, double click the saved session, log in, and minimize.


#7

Ok, that part is clear, the log in in and all, but that wouldn’t ‘hide’ my pw/user name and what not when I use DreamHost’s web based phpMyAdmin, would it?


#8

related: http://discussion.dreamhost.com/thread-130270.html

see the above thread, you will need at least one secure domain (or sub-domain) for the workaround mentioned which will require a dedicated IP and a certificate unless you already have one somewhere on a dreamhost domain or sub-domain.


#9

it will hide everything because every interaction you have with your DB on DH will go through an SSH connection. You just set up phpMyAdmin locally and set up a localhost server in the phphMyAdmin setup with the port that you forward to DH through the tunnel. I use it all the time that way, although I haven’t used Putty in a long time to do it. I do all my work on Ubuntu which is much easier for web development.


#10

Okie Dokie. Sorry for taking a while to get back to this, but I have been busy with other tasks for work and what not.

So, I have followed the steps outlined for PuTTY from the wiki tutorial (the first part at least):

Yet, when I try to log in through the new Tunnel, I get a warning that “The Server’s host key is not cached…” (See image bellow).

Is this normal? I have attached an image with the info I inputted into PuTTY (with my site’s address blurred, although I don’t think that is sensitive information? Especially since I just posted a picture which shows my domain, haha).

Is this Security Alert normal, and what should my next move be?
http://www.ethangaudette.com/_random/putty.jpg


#11

yes, you will see that the first time you connect to a dreamhost server. After that it will be cached then the key fingerprint will be cached.


#12

Ok, I will go ahead and do that, and try to do the localhost:Port with my phpMyAdmin.

I may have a few more questions in the coming hours/days; thank you for the continued support![hr]
Ok, I told you I would have questions! haha.

I accepted the server key and it is now saved in the cache, but I never created a user name or anything when setting up the PuTTY.

What would my user name/password be when connecting to the SHH Tunnel?


#13

That would be your Shell user name and password. If it’s an ftp user only now it will need to be upgraded to a shell user.

check here: https://panel.dreamhost.com/index.cgi?tree=users.users&


#14

LakeRat,

I have the main user (me - as I control everything) in the control panel to have:

User Account Type: Shell account - allows SFTP/FTP plus ssh access.
Shell Type: bin/bash

This is what was suggested in the DreamHost wiki. Yet, when I try to log in through PuttY, i get “access denied”[hr]
I also tried to log in with my database user name/password and setting the:
Allowable Hosts: myIpAddress
%.myIpAddress

I still get the Access Denied message.


#15

my immediate guess is that you have the wrong password (case sensitive) for the user.

If the shell user and the mysql user were created with the same username but had different password that might lead to confusion. They would in fact two different users with the same name. The specific user you want to use is the first one.

User Account Type: Shell account - allows SFTP/FTP plus ssh access.
Shell Type: bin/bash


#16

I have two users. The first is the one I created when I set up my hosting account, and is the one that I am trying to connect to SSH through PuTTY. These are the steps I have taken (not real user name).

Demo domain: pleasework.com
Demo Database domain: db.pleasework.com

DreamHost
User: wildCat
Password: password
Name: Wild
User Account Type: Shell account - allows SFTP/FTP plus ssh access.
Shell Type: /bin/bash

PuTTy
– I have followed the directions in the wiki here

Category: Connection > Tunnels:
Source port: 3306
Destination: db.pleasework.com:3306
Defaults: Local/Auto

Sessions:
Host Name: wildCat.pleasework.com
Port: 22
Protocol: SSH

Session Name: WildCatSHH
Now, when I double click the ‘WildCatSHH’ to bring up the SSH Tunnel window (not sure what to call that), The window name reads, “wildCat.pleasework.com - PuttY.”

After 30 seconds I get the following error:
Network Error: Connection timed out

What am I doing wrong? I don’t even get prompted for the user?

This is all very frustrating to me, mainly due to it being such an easy fix (At least I am willing to bet it will be), but I don’t know I have to do to fix it!

Grrr… I am going to take a shower, and come back to this.

Thanks again for taking a look.


#17

It doesn’t look like the domain you’re trying to use (pleasework.com) is hosted with DreamHost.


#18

You’re correct in that. The whole reason I am trying to use SHH, is to hide my user name and password and transfer data securely. This is why I listed ‘dummy’ domain/user/passwords.

It was my intention to illustrate what I am doing with my real data, so that if anyone sees flaws in the PuTTy setup, I can fix it on my end with the real log in information.

Have you successfully used PuTTy to connect to your domain/sub-domains/mysql domains? If so I would be forever indebted to you if you could share your correct setup.

Thanks


#19

I think I have, but it was some time ago. I know I’ve used PuTTy to create a tunnel for SVN+SSH… It is possible and I remember I followed a tutorial that i found on the net, but I use Ubuntu now which makes these types of things much easier…


#20

Do you find that there is software that doesn’t run well on Ubuntu/Linux? I haven’t really explored them that much, but my uncle raves about it. I am forced to use windows right now for work, but am looking to build a new home machine.