SSH 隧道远程访问 MySQL 数据库

Posted

技术标签:

【中文标题】SSH 隧道远程访问 MySQL 数据库【英文标题】:SSH tunneling to remote access MySQL database 【发布时间】:2013-02-05 06:09:38 【问题描述】:

我正在尝试编写 Java 程序以使用 ssh 隧道访问远程 mysql 数据库。

下面是我的代码:

int lport = 5656;

int rport = 3306;

String rhost = "111.222.333.444";

String host = "111.222.333.444";

String user = "username";

String password = "password1234";

String dbUser = "mySQLuser";

String dbPass = "mySQLpassword1234";

String schema = "test_db";





Connection conn = null;


try 


Properties config = new Properties();

config.put("StrictHostKeyChecking", "no");


JSch jsch = new JSch();

jschSession = jsch.getSession(user, host, 22);

jschSession.setPassword(password);

jschSession.setConfig(config);

jschSession.connect();

logger.info("Connected");


int assigned_port = jschSession.setPortForwardingL(lport, rhost, rport);

logger.info("localhost:" + assigned_port + " -> " + rhost + ":" + rport);

logger.info("Port Forwarded");




Class.forName("com.mysql.jdbc.Driver").newInstance();

String url = "jdbc:mysql://localhost:" + rport + "/" + schema;

conn = DriverManager.getConnection(url, dbUser, dbPass);

logger.info("Database connection established");


Statement stmt = conn.createStatement();


String sql = "SELECT * FROM TEST_TABLE";

ResultSet rs = stmt.executeQuery(sql);


while(rs.next()) 

logger.info(rs.getInt(1) + " " + rs.getString(2));




rs.close();

stmt.close();


logger.info("DONE");


 catch (Exception e) 

e.printStackTrace();

logger.error(e.getMessage());

if (jschSession != null && jschSession.isConnected()) 

System.out.println("Closing SSH Connection during error");

logger.error("Closing SSH Connection during error");

jschSession.disconnect();




 finally 

if (conn != null && !conn.isClosed()) 

System.out.println("Closing Database Connection");

logger.info("Closing Database Connection");

conn.close();




if (jschSession != null && jschSession.isConnected()) 

System.out.println("Closing SSH Connection");

logger.info("Closing SSH Connection");

//jschSession.disconnect();





我很确定所有的用户名和密码都是正确的。

但是,当我尝试运行上述代码时,它总是在以下行中失败:

conn = DriverManager.getConnection(url, dbUser, dbPass);

以下例外:

INFO   | jvm 1    | 2013/02/20 17:25:24 | java.sql.SQLException: Access denied for user 'mySQLuser'@'localhost' (using password: YES)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:946)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2985)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:885)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at com.mysql.jdbc.MysqlIO.secureAuth411(MysqlIO.java:3421)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1247)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at com.mysql.jdbc.Connection.createNewIO(Connection.java:2775)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at com.mysql.jdbc.Connection.<init>(Connection.java:1555)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:285)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at java.sql.DriverManager.getConnection(DriverManager.java:582)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at java.sql.DriverManager.getConnection(DriverManager.java:185)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at com.prject.testing.Test.<init>(Test.java:97)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:76)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$4.run(AbstractAutowireCapableBeanFactory.java:997)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at java.security.AccessController.doPrivileged(Native Method)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:995)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:955)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:874)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:816)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:731)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:485)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:92)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:284)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1118)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:605)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:926)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:477)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:638)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:595)
INFO   | jvm 1    | 2013/02/20 17:25:24 |       at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:652)

我还检查了 mySQL,用户“mySQLuser”的“主机”已经在“用户”表中设置为“%”。 谁能给我一些建议?

更新:

采纳@bmorris591的建议,

我改变了 String url = "jdbc:mysql://localhost:" + rport + "/" + schema;转换成字符串 url = "jdbc:mysql://localhost:" + lport + "/" + schema;

但是,出现了一个新的异常:

java.io.EOFException: Can not read response from server. Expected to read 4 bytes, read 0 bytes before connection was unexpectedly lost.
    at com.mysql.jdbc.MysqlIO.readFully(MysqlIO.java:1997)
    at com.mysql.jdbc.MysqlIO.readPacket(MysqlIO.java:573)
    at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1044)
    at com.mysql.jdbc.Connection.createNewIO(Connection.java:2775)
    at com.mysql.jdbc.Connection.<init>(Connection.java:1555)
    at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:285)
    at java.sql.DriverManager.getConnection(DriverManager.java:582)
    at java.sql.DriverManager.getConnection(DriverManager.java:185)
    at com.project.testing.Test.<init>(Test.java:98)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:76)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$4.run(AbstractAutowireCapableBeanFactory.java:997)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:995)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:955)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:874)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:816)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:731)
    at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:485)
    at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:92)
    at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:284)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1118)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:605)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:926)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:477)
    at org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:638)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:595)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:652)
    at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:514)
    at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:455)
    at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:138)
    at javax.servlet.GenericServlet.init(GenericServlet.java:212)
    at sun.reflect.GeneratedMethodAccessor120.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:302)
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:163)
    at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:117)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1200)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1026)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4421)

这行代码仍然发生错误:

conn = DriverManager.getConnection(url, dbUser, dbPass);

错误信息让我很困惑,

谁能给我更多的建议?

【问题讨论】:

暗示ssh隧道工作不正常。在添加数据库连接之前尝试添加代码以查看是否有效。 有点题外话了,但是为什么你需要一个java程序来建立SSH隧道,不只是使用普通ssh建立隧道更简单,那么你的java程序就可以访问本地端口? @Hei 我在通过 TCP/IP 连接使用 SSH/SSL 连接 Java 应用程序时遇到了同样的问题。所以,我找到了这个链接 [blog.sodhanalibrary.com/2015/12/…,它使用证书 PEM - 隐私增强邮件 (PEM)。您对这个问题的解决方案有任何想法吗? 【参考方案1】:

错误似乎在这一行:

String url = "jdbc:mysql://localhost:" + rport + "/" + schema;

鉴于rport3306,即远程机器上的mySQL 端口,您正在连接

"jdbc:mysql://localhost:3306/" + schema;

哪台是您的本地机器。您需要连接到:

String url = "jdbc:mysql://localhost:" + lport + "/" + schema;

本地机器上的哪个端口会转发到远程机器上的3306

【讨论】:

感谢您的提示。我已更改为 lport,现在我有一个新异常:java.io.EOFException:无法读取来自服务器的响应。预期读取 4 个字节,在连接意外丢失之前读取 0 个字节。这让我有点困惑...... 我猜你的隧道没有打开。如果您从 Java 应用程序执行 LocalForward,您应该能够从命令行测试隧道。 那么您将如何推荐 Java 代码来执行隧道,因为我最初遵循本教程,但在我的情况下似乎并不成功。 journaldev.com/235/… 我会测试隧道 - 例如从代码中删除 mySQL 内容并添加一个无限循环,然后运行代码并尝试使用终端从命令行连接到远程 mySQL。这样就可以调试 SSH 隧道了。【参考方案2】:

"mySQLuser"@"%" 让您从任何远程 主机进行连接。您应该拥有"mySQLuser"@"localhost" 才能在本地登录,这是通过 SSH 隧道时的情况。

默认 MySQL 安装有一个匿名用户帐户,其主机为 localhost,因此在本地登录时,该帐户被认为是更“特定”的用户。也就是说,如果没有"mySQLuser"@"localhost" 帐户,您将被视为匿名用户帐户。

【讨论】:

以上是关于SSH 隧道远程访问 MySQL 数据库的主要内容,如果未能解决你的问题,请参考以下文章

SSH 通过隧道访问远程客户端

jmx/jstatd 通过 ssh 隧道访问远程机器

SSH隧道:本地=>网关=> MySQL服务器

mysql 无法连接 SSH 隧道 -> 拒绝访问“无”

通过ssh隧道安全访问(如防火墙过滤)远程服务

SSH隧道到远程服务器的问题