mysqli 无法使用 ssh 隧道

Posted

技术标签:

【中文标题】mysqli 无法使用 ssh 隧道【英文标题】:mysqli cannot use ssh tunnel 【发布时间】:2021-06-06 01:01:31 【问题描述】:

我已经在我的虚拟盒子上安装了Ubuntu 18.04.3 LTS

我还通过以下方式创建了一个 ssh 隧道来连接到我的远程数据库:

admin@admin-VirtualBox:~$ ssh -v -v -v root@xx.xx.xxx.xxx -CNL 13306:localhost:3306
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "xx.xx.xxx.xxx" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to xx.xx.xxx.xxx [xx.xx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/admin/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/admin/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/admin/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/admin/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/admin/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/admin/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/admin/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/admin/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to xx.xx.xxx.xxx:22 as 'root'
debug3: hostkeys_foreach: reading file "/home/admin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/admin/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from xx.xx.xxx.xxx
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: zlib@openssh.com,zlib,none
debug2: compression stoc: zlib@openssh.com,zlib,none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:aaaaaaaaaaaaaaaaaaaaaaaaaaa/aaaaaaaaaaaaaaaaaaaaaaaaaaa
debug3: hostkeys_foreach: reading file "/home/admin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/admin/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from xx.xx.xxx.xxx
debug1: Host 'xx.xx.xxx.xxx' is known and matches the ECDSA host key.
debug1: Found key in /home/admin/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/admin/.ssh/id_rsa (0x55ba671d36b0), agent
debug2: key: /home/admin/.ssh/id_dsa ((nil))
debug2: key: /home/admin/.ssh/id_ecdsa ((nil))
debug2: key: /home/admin/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:aaaaaaaaaaaaaaaaaaaaaaaaaaa /home/admin/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:aaaaaaaaaaaaaaaaaaaaaaaaaaa
debug3: sign_and_send_pubkey: RSA SHA256:aaaaaaaaaaaaaaaaaaaaaaaaaaa
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to xx.xx.xxx.xxx ([xx.xx.xxx.xxx]:22).
debug1: Local connections to LOCALHOST:13306 forwarded to remote address localhost:3306
debug3: channel_setup_fwd_listener_tcpip: type 2 wildcard 0 addr NULL
debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY
debug1: Local forwarding listening on ::1 port 13306.
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 13306.
debug2: fd 6 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug1: channel 1: new [port listener]
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Connection to port 13306 forwarding to localhost port 3306 requested.
debug2: fd 7 setting TCP_NODELAY
debug2: fd 7 setting O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 2: new [direct-tcpip]
debug3: send packet: type 90
debug3: receive packet: type 91
debug2: channel 2: open confirm rwindow 2097152 rmax 32768
debug1: Connection to port 13306 forwarding to localhost port 3306 requested.
debug2: fd 8 setting TCP_NODELAY
debug2: fd 8 setting O_NONBLOCK
debug3: fd 8 is O_NONBLOCK
debug1: channel 3: new [direct-tcpip]
debug3: send packet: type 90
debug3: receive packet: type 91
debug2: channel 3: open confirm rwindow 2097152 rmax 32768
debug3: receive packet: type 96
debug2: channel 3: rcvd eof
debug2: channel 3: output open -> drain
debug2: channel 3: obuf empty
debug2: channel 3: close_write
debug2: channel 3: output drain -> closed
debug2: channel 3: read<=0 rfd 8 len 0
debug2: channel 3: read failed
debug2: channel 3: close_read
debug2: channel 3: input open -> drain
debug2: channel 3: ibuf empty
debug2: channel 3: send eof
debug3: send packet: type 96
debug2: channel 3: input drain -> closed
debug2: channel 3: send close
debug3: send packet: type 97
debug3: channel 3: will not send data after close
debug3: receive packet: type 97
debug2: channel 3: rcvd close
debug3: channel 3: will not send data after close
debug2: channel 3: is dead
debug2: channel 3: garbage collecting
debug1: channel 3: free: direct-tcpip: listening port 13306 for localhost port 3306, connect from 127.0.0.1 port 59650 to 127.0.0.1 port 13306, nchannels 4
debug3: channel 3: status: The following connections are open:
  #2 direct-tcpip: listening port 13306 for localhost port 3306, connect from 127.0.0.1 port 59644 to 127.0.0.1 port 13306 (t4 r0 i0/0 o0/0 fd 7/7 cc -1)
  #3 direct-tcpip: listening port 13306 for localhost port 3306, connect from 127.0.0.1 port 59650 to 127.0.0.1 port 13306 (t4 r1 i3/0 o3/0 fd 8/8 cc -1)

我在本地使用以下 mysql 版本:

admin@admin-VirtualBox:~$ mysql --version
mysql  Ver 14.14 Distrib 5.7.33, for Linux (x86_64) using  EditLine wrapper

当尝试通过我的本地 mysql-client 连接时,它工作正常:

admin@admin-VirtualBox:~$ mysql --host=127.0.0.1 --port=13306 mysql -u root -p
Enter password: 
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 136
Server version: 8.0.23-0ubuntu0.20.04.1 (Ubuntu)

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+-----------------------------+
| Database                    |
+-----------------------------+
| information_schema          |
| mysql                       |
| performance_schema          |
| phpmyadmin                  |
| sys                         |
| test_db                     |
+-----------------------------+
7 rows in set (0.03 sec)

mysql>

当使用dbeaver 7.3.5 时也可以正常工作:

但是,当尝试通过以下 php 脚本进行连接时,我的 mysql-db /etc/mysql/mysql.conf.d 的日志中出现错误

我在本地使用PHP 7.4.1,在远程主机上使用PHP 7.4.3

<?php
$mysqli = new mysqli("127.0.0.1", "root", "myPassword", "test_db", 13306);

/* check connection */
if ($mysqli->connect_errno) 
    mysqli_debug("/home/marcus/Desktop/client.trace");
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();


/* check if server is alive */
if ($mysqli->ping()) 
    mysqli_debug("/home/marcus/Desktop/client.trace");
    printf ("Our connection is ok!\n");
 else 
    printf ("Error: %s\n", $mysqli->error);


/* close connection */
$mysqli->close();
?>

我远程得到的错误是:

2021-03-08T05:26:49.885317Z 132 [Note] [MY-010914] [Server] Got timeout reading communication packets

我也尝试更改 $mysqli = new mysqli("localhost", "root", "myPassword", "test_db", 13306); 但这不起作用,因为在我看来 mysqli 将其与我本地计算机上的 localhost 混淆了。我只在使用127.0.0.1 时出现上述错误。

任何建议我做错了什么?为什么我可以通过我本地的mysql clientdbeaver 连接,但不能通过 php?

有没有办法查看mysqli() 是如何建立连接的?

我认为这可能是我的 virtualbox(dbever 等工作不太可能)或我的本地 php 设置的问题。

SSH 连接正在另一台计算机上工作。 (那不是我的开发计算机)

非常感谢您的回复!

更新

我现在用python试了一下,效果很好:

import mysql.connector

database = mysql.connector.connect(
    host='127.0.0.1',
    user='root',
    password='myPassword',
    database='test_db',
    autocommit=True,
    port=13306
)
cursor = database.cursor()

operation = 'SELECT * FROM companies limit 10;'
for result in cursor.execute(operation, multi=True):
  if result.with_rows:
    print("Rows produced by statement '':".format(
      result.statement))
    print(result.fetchall())
  else:
    print("Number of rows affected by statement '': ".format(
      result.statement, result.rowcount))

我的结果:

admin@admin-VirtualBox:~$ python testMysql.py 
Rows produced by statement 'SELECT * FROM companies limit 10':
[(1, u'LDP', u'Cohen &amp; Steers Limited Duration Preferred and Inco', datetime.datetime(2020, 10, 6, 21, 0, 5), datetime.datetime(2021, 3, 7, 12, 2, 32)), (2, u'WIW', u'Western Asset Inflation-Linked Opportunities &amp; Inc', datetime.datetime(2020, 10, 6, 21, 0, 5), datetime.datetime(2021, 3, 9, 12, 0, 47)), (3, u'ATOAX', u'Aberdeen Ultra Short Municipal Income Fund Class A', datetime.datetime(2020, 10, 6, 21, 0, 5), datetime.datetime(2020, 10, 6, 21, 0, 5)), (4, u'BA', u'The Boeing Company', datetime.datetime(2020, 10, 6, 21, 0, 5), datetime.datetime(2021, 3, 11, 13, 23, 13)), (5, u'WMT', u'Wal-Mart Stores Inc.', datetime.datetime(2020, 10, 6, 21, 0, 5), datetime.datetime(2021, 3, 11, 14, 48, 8)), (6, u'AAPL', u'Apple Inc. (NASDAQ)', datetime.datetime(2020, 10, 6, 21, 0, 5), datetime.datetime(2021, 3, 11, 14, 48, 49)), (7, u'NVDA', u'NVIDIA Corporation', datetime.datetime(2020, 10, 6, 21, 0, 5), datetime.datetime(2021, 3, 11, 13, 24, 28)), (8, u'NFLX', u'Netflix, Inc.', datetime.datetime(2020, 10, 6, 21, 0, 5), datetime.datetime(2021, 3, 11, 13, 35, 19)), (9, u'BYND', u'Beyond Meat, Inc.', datetime.datetime(2020, 10, 6, 21, 0, 5), datetime.datetime(2021, 2, 23, 0, 4, 2)), (10, u'TSLA', u'Tesla, Inc.', datetime.datetime(2020, 10, 6, 21, 0, 5), datetime.datetime(2021, 3, 11, 13, 54, 40))]

【问题讨论】:

localhost 是一个 unix 套接字,所以是的,它忽略了端口。如果您想使用它们,ssh 端口转发可以将 unix 套接字(以路径形式)列为目标(和源)。例如:ssh -L /tmp/mysql.sock:/var/run/mysql.sock @danblack 感谢您的回复!你能进一步解释一下在 unix 套接字上使用 ssh 吗?我没有收到命令ssh -L /tmp/mysql.sock:/var/run/mysql.sock 可能是您在PHP-7.4.3 中使用了仅针对caching_sha2_password 插件(MySQL-8.0 中的默认值)固定的20+ 个字符的密码吗? @danblack 不,我的密码只有 10 个字符长。没有使用任何特殊密码。我认为取回数据可能有问题 你尝试ssh -v -v -v -i /home/admin/.ssh/id_rsa -N -L 13306:127.0.0.1:3306 root@xx.xx.xxx.xxx sleep 60然后运行(如上一个问题中所述)。 【参考方案1】:

不确定问题的根本原因是什么,但据报道可以正常工作的一种方法如下:

<?php
shell_exec(“ssh -f -L 13306:127.0.0.1:3306 root@xx.xx.xxx.xxx sleep 60 >> logfile”);
$db = mysqli_connect('127.0.0.1', 'root', 'myPassword', 'test_db', 13306);

您需要确保在 PHP 中安装了 ssh 扩展。

简而言之,在连接到数据库之前,使用 PHP 脚本创建 SSH 端口转发。

在https://blog.rjmetrics.com/2009/01/06/php-mysql-and-ssh-tunneling-port-forwarding/了解更多信息

【讨论】:

【参考方案2】:

对我来说,听起来 php 在另一台机器上运行,可能是同一台计算机上的 docker 或其他东西,“localhost”与您计算机上的不同。

【讨论】:

【参考方案3】:

我能想到两个原因:

    防火墙,但它没有任何意义,因为 python 很好,不应该是这样 请注意localhost $mysqli = new mysqli("localhost", "root", "myPassword", "test_db", 13306);您需要进入 mysql 并进入“mysql”表并在用户主机上提供 perimisson 以通过您想要的任何 ip 访问。

看看2是否有效,应该没问题。

【讨论】:

【参考方案4】:

localhost127.0.0.1 都是一样的,因为都是环回地址,都会指向主机本身。

用户在尝试设置远程 MySQL 数据库时遇到的一个更常见的问题是他们的 MySQL 实例仅配置为侦听本地连接。这是 MySQL 的默认设置,但它不适用于远程数据库设置,因为 MySQL 必须能够侦听可以访问服务器的外部 IP 地址。

要启用此功能,请打开您的 mysqld.cnf 文件:

sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf

找到bind-address 指令。

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address            = 127.0.0.1

bind-address 指令值更改为0.0.0.0

bind-address            = 0.0.0.0

更改此行后,保存并关闭文件。

然后重启 MySQL 服务,使您对mysqld.cnf 所做的更改生效:

sudo systemctl restart mysql

现在,您可以从远程客户端使用 mysql 连接。请确保,您将使用 mysql-server 的网络 IP。 (不是环回地址)

【讨论】:

*loopback. 谢谢,@Don'tPanic

以上是关于mysqli 无法使用 ssh 隧道的主要内容,如果未能解决你的问题,请参考以下文章

无法使用 PHP 函数 ssh2_tunnel 创建 SSH 隧道

使用 SSH 隧道时无法通过套接字错误连接到本地 MySQL 服务器

无法使用 sqlcmd 通过 SSH 隧道访问 SQL 数据库

mysql 无法连接 SSH 隧道 -> 拒绝访问“无”

无法使用 SSH 隧道将 MongoDB Compass 连接到 AWS DocumentDB

ssh 隧道腻子 - UI 应用程序登录无法从浏览器工作