Search code examples
mysqlunixsshdigital-oceansequelpro

SSH Port forwarding failed when trying to connect to remote database via SSH


I am trying to connect to my remote MySQL database at my DigitalOcean SSD via SSH using Sequel Pro. This is my setup:


  • Name: MyWebApp
  • MySQL-Host: 188.226.150.240
  • User: localhost
  • Password: mySQLpassword
  • Database: rails
  • Port: 3306

  • SSH host: mywebapp.com
  • SSH user: root
  • SSH key: ~/.ssh/id_rsa
  • SSH port: 22

When trying to connect I get:

SSH Port forwarding failed.

Lost connection to MySQL server at 'reading initial communication packet', system error: 0


Used command:  /usr/bin/ssh -v -N -o ControlMaster=no -o ExitOnForwardFailure=yes -o ConnectTimeout=10 -o NumberOfPasswordPrompts=3 -i /Users/tintin/.ssh/id_rsa -o TCPKeepAlive=no -o ServerAliveInterval=60 -o ServerAliveCountMax=1 -p 22 [email protected] -L 61232/188.226.150.240/3306

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to mywebapp.com [188.226.150.240] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /Users/tintin/.ssh/id_rsa type 1
debug1: identity file /Users/tintin/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3ubuntu1.2
debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 42:f3:30:1b:ff:24:92:17:62:19:13:03:e9:65:0d:42
debug1: Host 'mywebapp.com' is known and matches the RSA host key.
debug1: Found key in /Users/tintin/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/tintin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to mywebapp.com ([188.226.150.240]:22).
debug1: Local connections to LOCALHOST:61482 forwarded to remote address 188.226.150.240:3306
debug1: Local forwarding listening on ::1 port 61482.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 61482.
debug1: channel 1: new [port listener]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Connection to port 61482 forwarding to 188.226.150.240 port 3306 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 61482 for 188.226.150.240 port 3306, connect from 127.0.0.1 port 61484, nchannels 3

(I replaced my ip address, user name, and app name with fake data wherever possible.)

I've logged into my server through SSH multiple times already, so I can't figure why it's not working with Sequel Pro as well.

What am I missing here?

Thanks for any help.


Solution

  • debug1: Connection to port 61482 forwarding to 188.226.150.240 port 3306 requested.
    debug1: channel 2: new [direct-tcpip]
    channel 2: open failed: connect failed: Connection refused
    

    This indicates that the ssh server instance on mywebapp.com tried to connect to 188.226.150.240 port 3306 in order to service the port forward, and got a "connection refused" error.

    "connection refused" normally means that nothing is listening for connections on that address and port. The simplest explanation is that the mysql server isn't running, or that it's listening on a different interface and/or port than what you're trying to connect to.

    You should log into 188.226.150.240 and use "netstat" to see if anything is listening on port 3306. You may find that msyql isn't running, or it's only listening to the localhost interface, or something along those lines.

    Alternately, network devices like firewalls can be set to simulate a "connection refused" condition when they decide to block a connection. If the network traffic between the ssh server and the mysql server goes through a firewall, you could investigate whether it's blocking the traffic for some reason.