ssh 隧道拒绝连接到本地绑定的 mysqld 地址

tag-icon tag-icon mysql ssh port-forwarding
ssh 隧道拒绝连接到本地绑定的 mysqld 地址

我经常使用端口转发来连接远程数据库,命令如下:

ssh -L 3306:127.0.0.1:3306 -N [email protected]

我认为问题出在这台特定的服务器上,mysql 守护进程绑定到私有 IP 地址(例如192.168.x.x),而不是localhost

这是我在使用选项进行隧道传输时从输出中想到的唯一的东西-v -v

例子:

ssh -L 3306:127.0.0.1:3306 -N [email protected] -v -v

当我尝试在本地使用连接时,在调试中收到以下信息:

debug1: Connection to port 3306 forwarding to 127.0.0.1 port 3306 requested.
debug2: fd 7 setting TCP_NODELAY
debug2: fd 7 setting O_NONBLOCK
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 3306 for 127.0.0.1 port 3306, connect from 127.0.0.1 port 47520 to 127.0.0.1 port 3306, nchannels 3

我对使用端口转发并不陌生,并且已经在各种其他配置中成功使用过它,但这个服务器特别让我困惑。

任何帮助均感激不尽。

编辑: 值得注意的是,私有 IP 地址是由云提供商分配的,实际上不会显示在ifconfig/ip输出中。是的,它显示在 eth0:1 上

编辑2:Mysql错误输出:

200220 20:08:12 [Warning] IP address '192.168.x.x' could not be resolved: Name or service not known

编辑3:

ifconfig输出:

# ifconfig
eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:XX  
          inet addr:xx.xx.xx.58  Bcast:xx.xx.xx.255  Mask:255.255.255.0
          inet6 addr: xxxx::xxxx:xxxx:xxxx:xxxx/64 Scope:Link
          inet6 addr: xxxx:xxxx::xxxx:xxxx:xxxx:xxxx/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8786400702 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8059726929 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1072200268259 (1.0 TB)  TX bytes:47891146981425 (47.8 TB)

eth0:1    Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx  
          inet addr:192.168.xx.xx  Bcast:192.168.255.255  Mask:255.255.128.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:94 errors:0 dropped:0 overruns:0 frame:0
          TX packets:94 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5360 (5.3 KB)  TX bytes:5360 (5.3 KB)

mysql.cnf 输出:

[mysqld]
#
# * Basic Settings
#
user        = mysql
pid-file    = /var/run/mysqld/mysqld.pid
socket      = /var/run/mysqld/mysqld.sock
port        = 3306
basedir     = /usr
datadir     = /var/lib/mysql
tmpdir      = /var/tmpfs
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address        = 192.168.xx.xx

答案1

一个简单的解决方法是设置(如果您有正确的版本), 多个bind-addresses:

bind-address        = 192.168.x.x,127.0.0.1

如果没有,你可以设置

bind-address        = 0.0.0.0

- 后者还会导致 MySQL 监听您的公共 xxx58 地址,这是一个重大的安全风险,不建议这样做。如果必须这样做,您应该采取措施确保阻止与该端口的连接(iptables、ufw 等...)并从远程位置对其进行测试。

相关内容