mariovaldez.net

I have read all the forums and tried all the suggestions, but I can not seem to get the SSH tunnel to work correctly. Testing the SSH works fine, Logging into the DB without SSH works fine, but when I try to connect via SSH, I get "Can't connect to MYSQL server on '127.0.0.1' (10061).

I have tried EVERYTHING. When I test the tunnel - while it's open, I can pass it a connection string and it works fine. It just doesn't want to connect when I check the box that says use SSH and then click "Connect". What am I doing wrong.

I can connect every other wa yand I've allowed every possible host imaginable, including %. I don't get it. PLEASE help me. I think this software is AWESOME and I'd love to contribute, but I don't know anything about porting a program through SSH. Thanks

-Tai Graham

Yahoo: Taiter352
AIM: Taiter22
ICQ: 16252317
MSN: mail @ taigraham.com

Tai:


> I have read all the forums and tried all the
> suggestions, but I can not seem to get the
> SSH tunnel to work correctly. Testing the
> SSH works fine, Logging into the DB without
> SSH works fine, but when I try to connect
> via SSH, I get "Can't connect to MYSQL server
> on '127.0.0.1' (10061).

There are several things to test, and I'm sure you have tested most of them. But let's retry them again.


The error message you see (10061) means that the OSCPMWin application didn't find anyone listening to that port at that address.

Possible causes:
Cause 1. MySQL is not configured to accept connection from "localhost".
That is, the server "localhost", itself. This can be easily checked: log in to your server (from the server console or telnet or SSH, NOT with OSCPMWin), and from there try to connect to "localhost" at port 3306. If this fails, MySQL is not accepting connections from localhost for your user. If "%" is not working, create a "localhost" permission record for your DB user. Also, check if you have more than one permission record for your DB user; if you do, check that the passwords in all records match.

Cause 2. Not effective SSH link.
Configure OSCPMWin, and press the "TEST TUNNEL" button in the Configuration window. If everything works fine, you will see the prompt of your SSH account or the welcome message of the shell configured in the server. If you don't see it, the connection is not being completed. Copy the command line shown just after pressing the "TEST TUNNEL" button and try it yourself at the Command Prompt. Also, check that your firewall is not blocking the SSH connection. Actually, double-check the firewall stuff, I've seen it too many times.

Cause 3. The tunnel is not being made even if the SSH connection is effective.
Invoke the TELNET program of Windows (or any telnet software) and make it connect to "localhost" at port 3306. For example, at the Command Prompt of Window or the Start > Execute option, type


If the tunnel is really working, you should see something like:


Cause 4. The client computer does not know what address is 127.0.0.1.
This should not happen and I really don't know if it can happens in Windows (it can in other OSs). Do a "ping 127.0.0.1" in a Command Prompt window and check that there is an answer and that the answer is instantaneous (it should display an average response time of 0 ms).


Please let me know if you still have problems.


Regards,

Mario A. Valdez-Ramirez.

Just to make it clear...I am connecting to a completely remote computer. This test fails on my local computer. Testing this on the remote computer works. Am I supposed to open this port up locally? I would think if SSH works int he test mode then it should work. Perhaps I am misunderstaning something simple here.

I have tested Cause 2 while in the Test Tunnel and that works great. I can use SSH to get into my box - I own my own server and I have ensured that the DB user is allowed access from %, 127.0.0.1, and localhost.

I am willing to provide access information to my site for a test user. We do a lot of community development with oscommerce and would like to be able to utilize this program. We were thinking of putting one together in .Net, but can't figure out how to transmit everything securely.

Thanks for your response, any help is appreciated.

-Tai

Tai:

> Just to make it clear...I am connecting
> to a completely remote computer. This
> test fails on my local computer. Testing
> this on the remote computer works. Am
> I supposed to open this port up locally?
> I would think if SSH works int he test mode
> then it should work. Perhaps I am misunderstaning
> something simple here.
> I have tested Cause 2 while in the Test
> Tunnel and that works great. I can use
> SSH to get into my box - I own my own
> server and I have ensured that the DB
> user is allowed access from %, 127.0.0.1,
> and localhost.

Hi again. Yes, I assumed you were trying to connect to a remote server. The connection to localhost is to connect to the "entrance" of the SSH tunnel. I made two figures to depict this:

Connection without SSH tunneling:


Connection with SSH tunneling:


As you can see, the OSCPMWin application (or any client in the workstation) should connect to localhost so the SSH client can "forward" the traffic (encrypted) to the remote host, where the SSH server will decrypt the traffic and pass it to a localhost connection.

You tested this in the remote server, it worked, meaning that the Cause 1 is discarded. But you said it failed in your workstation. If the SSH tunnel was active (because you used the "TEST TUNNEL" option or invoked PLink manually) while trying to connect with Telnet to "localhost 3306", then there is something wrong.

Check the firewall stuff. And check the settings in the OSCPMWin application. Check that both the "DB Port" and the "SSH local port" are set to 3306.


> I am willing to provide access information
> to my site for a test user. We do a lot of
> community development with oscommerce
> and would like to be able to utilize this
> program.

First try to find the cause yourself. If you still have problems, let me know and I will do a test with your test user. (Just send me the parameters by email to mario@mariovaldez.org and be sure to delete the user afterward; just for security).


> We were thinking of putting one
> together in .Net, but can't figure out how
> to transmit everything securely.

Ah, that's interesting. Would you like to tell us more? I curious...


Regards,

Mario A. Valdez-Ramirez.

Hi Mario - I've been trying to get this working for some time as well. It looks like I've managed to successfully rule out cause 1 and 2. As for cause 3 it's still up in the air. After creating a successful connection using plink with the variables:

plink -ssh -2 -l username -pw password -L 80:127.0.0.1:3306 xxx.xxx.xxx.xxx

it connects fine and then i can invoke a telnet 127.0.0.1 3306 and get a 4.0.23-standard‚Ad]'Gp~ back. So I know at least it's connecting to the database, The wierd thing is - maybe partly because it's a tunnel I recieve the following in my windows netstat -a command.

TCP chester:3306 localhost:1406 TIME_WAIT
TCP chester:3306 localhost:1407 TIME_WAIT
TCP chester:3306 localhost:1410 TIME_WAIT
TCP chester:3306 localhost:1411 TIME_WAIT

and if I'm quick enough I'll get a syn_sent but that's as far as it goes. So it appears as if everything is working correctly yet it just isn't verifying the credientals possibly? Or maybe the server is kicking the connection back? Everything manually appears to work. -Nick

and this is the only active connection I have going to the server right now, I don't see port 3306 anywhere in my connections via tcp or udp. Any ideas as to why? I also for fun put my computer on the dmz of my firewall and it had no effect either. .

Nick:

> After creating a successful connection
> using plink with the variables:
> plink -ssh -2 -l username -pw password
> -L 80:127.0.0.1:3306 xxx.xxx.xxx.xxx
> it connects fine and then i can invoke a
> telnet 127.0.0.1 3306 and get a
> 4.0.23-standard‚Ad]'Gp~ back. So I
> know at least it's connecting to the database...

Good. However, besides a successful connection you also need a successful MySQL authentication.

> The wierd thing is - maybe partly because
> it's a tunnel I recieve the following in my
> windows netstat -a command.
> TCP chester:3306 localhost:1406 TIME_WAIT
> TCP chester:3306 localhost:1407 TIME_WAIT
> TCP chester:3306 localhost:1410 TIME_WAIT
> TCP chester:3306 localhost:1411 TIME_WAIT

Those look like failed MySQL connections.

In my computer I can see (in the Windows side):


Now, if I wait a couple of minutes (to clear any TIME_WAIT after disconnecting), and retry but now using an invalid password (to simulate a rejected connection):



As you can see, there is no SSH link, and the connections to 3306 (localhost) stay in TIME_WAIT for a while.


I think you may find more useful information in the MySQL log file (if you enable it). For example, I got this:




Regards,

Mario A. Valdez-Ramirez.

Hmm - we've been trying for a week now and still can't figure this out. I will email you access and if you can get it to work or figure out why it doesn't want to work on our box, we will love you forever

I just don't understand why it will authenticate without the tunnel but won't authenticate with the tunnel using the same credentials. Email is on it's way. Thanks for your wonderful support.

-Tai Graham

The SSH connection works (after testing and modifying some things on the server). But if I connect manual via PLINK I get a failure message : Unable to use key file "" (unable to open file)....

The connection works but what about this message???

Frank:

> The SSH connection works (after testing and
> modifying some things on the server). But if
> I connect manual via PLINK I get a failure
> message : Unable to use key file "" (unable to open file)....
> The connection works but what about this message???

Hi. Sorry for the delay. If the connection works (it gets established, it tunnels traffic, etc), then just ignore this message.

PLink (just like puTTY) can use a local key file (for public key authentication). The OSCPMWin application does not use PK authentication but it seems PLink may try to use the private key (in the local key file) and then the password we supply. I have not fully checked the PLink source code so I may be wrong on this.

Anyway, whatever the reason, PLink cannot find or read the local key file and it display that message.

Could it be that you already use SSH (with PLink or maybe Cygwin) or that you have installed puTTY and already use publick-key authentication for the same server?


If the connection works, just ignore the message. If it does not, let me know.


Regards,

Mario A. Valdez-Ramirez.