Connecting to a remote server through an SSH tunnel

13 years ago

For background, see here.

Most of us have been here: from your own machine you can SSH into one Internet-facing host inside a private network, but the other servers in that network only accept connections from within it, so from the outside you cannot reach them. You can still get there by building an SSH tunnel through the host you can reach.

SQLyog, for example, supports connecting through an SSH tunnel. Here is its help text:

Connecting using SSH Tunneling


What Is SSH?

The acronym SSH stands for Secure Shell. There are several ways to access most systems; historically the most common was a telnet client (available for Unix and Windows). Accessing a shell account that way is dangerous because everything you do over the telnet session is visible in plain text on your local network and on the local network of the machine you are connecting to.

SSH was created to encrypt the data sent over the network and to offer public-key authentication, an option that avoids ever sending a password over the network. SSH supports several ciphers and key sizes and has been ported to many platforms, including Linux, Microsoft Windows and Macintosh.

What Is SSH Tunneling?

SSH can be used to encrypt communications between SQLyog and your remote MySQL server. This is known as SSH tunneling and is actually quite simple to use.

Benefit of SSH Tunneling

Many hosting companies that provide MySQL hosting will block access to the MySQL server from outside the hosting company's network, and only grant access to users connecting from localhost or from a machine within the network. The major benefit of SSH tunneling is that it allows us to connect to a MySQL server from behind a firewall when the MySQL server port is blocked. As long as the hosting company provides SSH access, you can still connect through SQLyog SSH Tunneling option.


Setting up SQLyog for SSH Tunneling

Select Tunnel tab in the connection window.

SQLyog gives you the option of using either password authentication or private/public key authentication with SSH tunneling. Most users use password authentication. The details for this option are:

Username

Username to access the SSH server (Note: not the MySQL server).

Password

Password to access the SSH server (Note: not the MySQL server).

SSH Host

Address of the machine on which SSH server is running.

SSH Port

Port on which SSH server is listening. By default, it is 22.

Local Port

The local port on which SQLyog listens; connections to it are forwarded through the tunnel to the MySQL server. Note: if you connect to two or more different MySQL servers, give each connection its own local port.

To understand the setup better, let us connect to a MySQL server using a real life example.

For example: your website is hosted on 234.56.65.78. This server also runs an SSH server listening on port 22. Your MySQL server is located on 234.56.65.79, and it only allows connections from localhost or from machines within the same network (such as 234.56.65.78). You publish your website on 234.56.65.78 using the username and password provided by your ISP, say ssh_user and ssh_pwd respectively.

In this case, fill in the options as follows:

Server Tab

MySQL Host Address: localhost
Username: your MySQL user name.
Password: your MySQL password.
Database: the database you want to connect to. You can leave this field blank.
Port: the port MySQL is listening on. By default it is 3306.

Tunnel Tab

Username: ssh_user
Password: ssh_pwd
SSH Host: 234.56.65.78
SSH Port: 22
Local Port: any port that is unused on your local machine. If you don't have MySQL running locally you can use 3306.

Note that the MySQL Host Address is entered as 'localhost'. The address is resolved on the SSH server, not on your machine, so it names the MySQL server as seen from the SSH host; 'localhost' is the usual case, with the MySQL server and the SSH daemon on the same machine or at least on the same protected network where the network's routing takes care of the rest. You could in principle enter '234.56.65.78' for the MySQL server as well, but some SSH configurations will not allow forwarding to the host's own global IP. If the SSH daemon runs on '234.56.65.78' and the MySQL server on '234.56.65.79', enter '234.56.65.79'. Be aware that only the leg between your machine and the SSH daemon is encrypted by SSH: the traffic between '234.56.65.78' and '234.56.65.79' is ordinary MySQL traffic. As long as both machines are on the same protected network that is normally not a problem, but forwarding from the SSH daemon to a MySQL server outside the protected network would send your credentials and queries unprotected across untrusted links. That is only needed in very special situations, and if you need to do it you probably need not read this.


Public/private key authentication adds an additional layer of security. If you check this option you must still enter a password, now called a 'passphrase', which unlocks the private key file rather than the SSH account, and you must enter the path and name of the file that contains your private key. To have your account set up for public/private key authentication, contact your system administrator. Key files used with SQLyog must be in .ppk format (the format used by the SSH client PuTTY).

But how does an ordinary client use such a tunnel? Read on:

1. Introduction:
Most people know SSH as the encrypted replacement for the r-commands (rlogin, rsh, rcp): encrypted remote login, file transfer and even encrypted FTP (SFTP is built into SSH2), which is why SSH is one of the most widely used services. SSH has another very useful feature: port-forwarding tunnels. With them, insecure TCP services such as POP3, SMTP, FTP and LDAP can be carried over an SSH-encrypted tunnel; although these services send passwords and content in plain text, anyone listening in the middle of the tunnel sees only ciphertext. This article covers connecting to a remote MySQL server through an SSH tunnel; for a fuller treatment see the official introductory article on SSH tunneling.

2. Connecting from a Windows client

Below, the popular Windows MySQL tool SQLyog Enterprise is used to connect to the MySQL server through an SSH tunnel, as shown in the screenshots:

Screenshot: New connection

Screenshot: MySQL tab

Screenshot: SSH tab

3. Building the SSH tunnel from the Linux command line with ssh

MySQL server address: 192.168.99.52
Local machine address: 192.168.99.91

Prerequisite
Copy this machine's SSH public key to the MySQL server, i.e. append the contents of the local id_rsa.pub to ~/.ssh/authorized_keys on the MySQL server. Here I do it with commands.

Generate the local id_rsa.pub file with ssh-keygen
# ssh-keygen    (press Enter at each prompt to generate id_rsa.pub; note that an empty passphrase leaves the private key unprotected on disk, so set one unless the key is for unattended use)

Copy id_rsa.pub to the MySQL server (this logs in as the current user, root here, which matches the root@ login used below)
# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.99.52

Digging the tunnel
Use ssh to open port 3388 on the local machine. This is the tunnel's entry port: connecting to it locally will reach port 3306 on the MySQL server. The command:

ssh -NCf root@192.168.99.52 -L 3388:192.168.99.52:3306

Parameters

-C  Use compression; optional, can speed things up.
-f  Go to the background once SSH has authenticated and set up the port forwarding.
-N  Do not execute a remote command; useful when you only want to forward ports (protocol version 2 only).
-P  The original command also carried -P (use a non-privileged source port for the outgoing connection). It was a protocol-1-era option that current OpenSSH no longer accepts, so it is omitted above.

root@192.168.99.52 is the SSH user name and address of the MySQL server. -L 3388:192.168.99.52:3306 maps local port 3388 to 192.168.99.52:3306: the tunnel's entrance is 3388 and its exit is the MySQL server's 3306. Two details matter for security. First, with no bind address given, ssh listens on the loopback interface only (the netstat output below confirms this), so other machines on your LAN cannot ride the tunnel into MySQL; adding -g or a 0.0.0.0: prefix to the -L argument would open it to them. Second, the destination is connected to from the SSH server, not from your machine, so -L 3388:127.0.0.1:3306 would work equally well here and is the better choice when MySQL is bound to loopback only or its grants are limited to 'localhost'.

After running it, check the local listener
# netstat -tulnp | grep 3388
tcp   0   0 127.0.0.1:3388   0.0.0.0:*   LISTEN   14273/ssh
tcp   0   0 ::1:3388         :::*        LISTEN   14273/ssh

Check the SSH connection between this machine and the MySQL server
# netstat -an | grep 192.168.99.52
tcp   0   0 192.168.99.91:7612   192.168.99.52:9698   ESTABLISHED

These two commands show that, once the command has run, the machine has an SSH connection to the MySQL server and is listening on port 3388, on loopback only. (The remote port here is 9698 rather than 22, so sshd on this server presumably listens on a non-default port that the client picks up from its configuration, since the command line did not specify one.)

Connecting to the MySQL server through the tunnel

# mysql -u dbname -h 127.0.0.1 -P 3388 -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 52562
Server version: 5.1.31-log Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

dbname@192.168.99.52 [(none)] > show databases;

4 rows in set (0.00 sec)

Connected! Two details: -h must be 127.0.0.1, not localhost, because the mysql client treats 'localhost' as a request for the local Unix socket and would bypass the tunnel entirely; and the original command passed the password inline as -pdbpwd, which exposes it in the process list and shell history, whereas a bare -p prompts for it as shown.
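The script below is an added example, not code from the original post or from SQLyog or OpenSSH. It packages the procedure above into reusable shell functions: it always binds the tunnel entrance to 127.0.0.1, forwards to 127.0.0.1:3306 as seen from the SSH host (so MySQL sees a localhost connection even when it is bound to loopback only), audits netstat-style output for tunnel ports that ended up exposed on all interfaces, and emits an authorized_keys entry that restricts the key to opening this one forward and nothing else. The host addresses, the sample netstat lines and the placeholder public key are constructed for illustration; the two-host SQLyog case (SSH on 234.56.65.78, MySQL on 234.56.65.79) is the same forward_spec call with 234.56.65.79 as the target.

```shell
#!/bin/sh
# Added example (not from the original post): build a loopback-only SSH
# tunnel command for a remote MySQL server, audit which local listeners
# are actually exposed, and emit a least-privilege authorized_keys entry
# for the tunnel-only account. Hosts, ports, the sample netstat output
# and the public key below are constructed for illustration.

# Return 0 if $1 is a valid TCP port number.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the -L argument, always binding the entry port to 127.0.0.1 so
# other hosts on the LAN cannot ride the tunnel into MySQL.
# Usage: forward_spec LOCAL_PORT TARGET_HOST TARGET_PORT
forward_spec() {
  valid_port "$1" && valid_port "$3" || return 1
  printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# Print the full ssh command. -N: no remote command, -f: background after
# auth, -C: compression, ExitOnForwardFailure: fail loudly if the local
# port is already taken instead of silently running without the forward.
# (The old -P flag is not accepted by current OpenSSH, so it is not used.)
# Usage: tunnel_cmd SSH_USER SSH_HOST LOCAL_PORT TARGET_HOST TARGET_PORT
tunnel_cmd() {
  spec=$(forward_spec "$3" "$4" "$5") || return 1
  printf 'ssh -N -f -C -o ExitOnForwardFailure=yes -L %s %s@%s\n' \
    "$spec" "$1" "$2"
}

# Print the mysql client command that goes through the tunnel.
# --protocol=TCP and -h 127.0.0.1 matter: "localhost" would make the
# client use the local Unix socket and bypass the tunnel entirely.
# Usage: mysql_cmd DB_USER LOCAL_PORT
mysql_cmd() {
  printf 'mysql --protocol=TCP -h 127.0.0.1 -P %s -u %s -p\n' "$2" "$1"
}

# Classify a netstat/ss "Local Address" field as loopback, exposed or other.
bind_scope() {
  case "$1" in
    127.*:*|::1:*|\[::1\]:*)        echo loopback ;;
    0.0.0.0:*|:::*|\*:*|\[::\]:*)   echo exposed ;;
    *)                              echo other ;;
  esac
}

# Read `netstat -tuln` style output on stdin, print a verdict per LISTEN
# socket, and return 1 if any listener is reachable beyond loopback.
audit_listeners() {
  exposed=0
  while read -r proto rq sq laddr faddr state rest; do
    [ "$state" = "LISTEN" ] || continue
    scope=$(bind_scope "$laddr")
    printf '%-5s %-24s %s\n' "$proto" "$laddr" "$scope"
    if [ "$scope" = "exposed" ]; then exposed=1; fi
  done
  [ "$exposed" -eq 0 ]
}

# Prefix a public key with options that let it open this one forward and
# nothing else: no shell, no agent/X11 forwarding, no other destinations.
# "restrict" requires OpenSSH 7.2 or newer on the server.
# Usage: restricted_key_line TARGET_HOST:PORT 'ssh-ed25519 AAAA... comment'
restricted_key_line() {
  printf 'restrict,port-forwarding,permitopen="%s" %s\n' "$1" "$2"
}

# --- demo on constructed data (no network access needed) ---
tunnel_cmd root 192.168.99.52 3388 127.0.0.1 3306
mysql_cmd dbname 3388

# Constructed netstat output: two loopback tunnel sockets plus one
# listener that was bound to all interfaces by mistake.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3388          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:3388                :::*                    LISTEN
tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN'

if printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners; then
  echo "all tunnel entry ports are loopback-only"
else
  echo "WARNING: a listener is exposed beyond loopback (was -g or 0.0.0.0: used?)"
fi

restricted_key_line 127.0.0.1:3306 'ssh-ed25519 AAAA...placeholder tunnel@laptop'
```

On the server side the entry printed by restricted_key_line only helps if sshd permits forwarding at all (AllowTcpForwarding yes, the default) and the permitopen target matches the -L destination exactly as written, so keep 127.0.0.1:3306 on both ends; a mismatch makes the forward fail with "administratively prohibited" rather than silently widening access.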



Original source: http://salogs.com/2009/11/%E5%88%A9%E7%94%A8ssh%E9%9A%A7%E9%81%93%E6%96%B9%E5%BC%8F%E8%BF%9E%E6%8E%A5%E8%BF%9C%E7%A8%8Bmysql%E6%9C%8D%E5%8A%A1%E5%99%A8/


On a Windows machine you can use the port forwarding feature of Xmanager 3.0 instead:

Screenshots follow: