For our hosting clients, we do not generally open the default TCP Port for MySQL (port 3306) for security reasons. A consequence of this is that users cannot connect directly to MySQL databases for their sites. However, by using an SSH tunnel, one can forward the traffic securely over the SSH connection and connect.
The following instructions describe how to establish an SSH tunnel for port 3306 to your server. Before you can proceed, you’ll need the following:
- working SSH login credentials for your server,
- PuTTY – a free terminal emulator.
Instructions
- Step #1: Launch PuTTY.
- Step #2: Enter your server’s hostname or IP address in the “Host Name” field.
- Step #3: Navigate to Connection → SSH → Tunnels
- Step #4: Fill in 3306 as the “Source port”, and fill in 127.0.0.1:3306 as the “Destination”. This tunnels all traffic to the local host (IP address 127.0.0.1) over port 3306, to port 3306 on the SSH connection. Make sure you click “Add” and that the entry appears in the list of Forwarded ports as in the screenshot below:
- Step #5: Connect to the server by selecting “Open”. You will need to provide credentials and may need to accept the host’s SSH key if this is your first time connecting.
- Step #6: You can now connect to your database using a client of your choice, such as MySQL Workbench (free). You must direct your client to connect to the host 127.0.0.1 and port 3306.