Tunneling DBD::mysql connections over SSH without using external programs
by wwinfrey (Novice) on Apr 11, 2013 at 20:06 UTC
wwinfrey has asked for the wisdom of the Perl Monks concerning the following question:
I am building a specialized client application, and need to make an encrypted connection to a remote MySQL server. The MySQL server I am connecting to is running on a Linux appliance where my ability to change the configuration is limited, thus the following caveats:
Now, I have tunneled MySQL connections over SSH in the past plenty of times and am fairly familiar with SSH tunneling in general, but I cannot seem to figure out how to do this in a "pure Perl" manner.
I've read a couple different threads here on PerlMonks (most notably: here, here and here) that broach the subject, but don't seem to even point in the general direction of an answer. I've also looked for similar questions about tunneling in general, and have looked at say, the Tunnels section of the Net::OpenSSH perldoc, but can't wrap my head around how I would create a driver handle that connects over the pipes created by Net::OpenSSH's open_ex method...
I've also looked at modules like IO::Select and IO::Socket::INET, but can't really seem to wrap my head around how I might use them in furtherance of my afore-stated goals.
Update: I was looking for a Perl module that would allow for SSH port forwards without the use of external apps such as /usr/bin/ssh or plink.
There are two modules that implement SSH client functionality completely "in" the module (that is to say, without acting as a wrapper for external binaries): Net::SSH::Perl/Net::SSH::W32Perl and Net::OpenSSH.
Net::SSH::Perl, as Krambambuli points out, does not support SSH's "LocalForward" option. Net::OpenSSH supports SSH tunneling, but this is not the same as port forwarding, which is what I really wanted, and since the module I'm writing will need to support Windows, Net::OpenSSH is not an option here anyway.
In summary, as far as I can tell, there is no way to do SSH port forwarding using only Perl modules and without external binaries, not just in Windows, but on any platform. There are plenty of good options for accomplishing SSH port forwarding using external binaries, options that will likely suffice for most users, however, for my purposes, using external binaries wasn't an option.
As far as the solution to my own problem went, I got permission from the higher-ups to do a moderate amount of bootstrapping on the target appliance so that the appliance's MySQL server will support SSL-encrypted connections, thereby eliminating my need to do any SSH port forwarding.
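The approach the post ends on, an encrypted DBD::mysql connection with no SSH forward, as an added example that is not part of the original post: it requires TLS, verifies the server certificate against a CA file, and then confirms the session really negotiated a cipher before handing back the handle. The host name, environment variable names, CA file path and the helper names `tls_dsn` and `connect_tls` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumed settings (hypothetical, not from the post), read from the environment.
my %cfg = (
    host => $ENV{DB_HOST}    // 'appliance.example.com',
    port => $ENV{DB_PORT}    // 3306,
    db   => $ENV{DB_NAME}    // 'test',
    user => $ENV{DB_USER}    // 'client',
    pass => $ENV{DB_PASS}    // '',
    ca   => $ENV{DB_CA_FILE} // 'ca.pem',   # CA that signed the server certificate
);

# Build a DSN that requires TLS and checks the server certificate.
sub tls_dsn {
    my (%c) = @_;
    return join ';',
        "DBI:mysql:database=$c{db}",
        "host=$c{host}",
        "port=$c{port}",
        'mysql_ssl=1',                      # require TLS for this connection
        "mysql_ssl_ca_file=$c{ca}",         # trust anchor for the server cert
        'mysql_ssl_verify_server_cert=1';   # check the cert name against host
}

# Connect, then ask the server which cipher this session is using.
# An empty Ssl_cipher value means the session is in cleartext.
sub connect_tls {
    my (%c) = @_;
    my $dbh = DBI->connect(tls_dsn(%c), $c{user}, $c{pass},
        { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
    my (undef, $cipher) =
        $dbh->selectrow_array(q{SHOW SESSION STATUS LIKE 'Ssl_cipher'});
    unless (defined $cipher && length $cipher) {
        $dbh->disconnect;
        die "connection to $c{host} is not encrypted\n";
    }
    return ($dbh, $cipher);
}

unless (caller) {
    my ($dbh, $cipher) = connect_tls(%cfg);
    print "encrypted session, cipher: $cipher\n";
    $dbh->disconnect;
}
```

Checking `Ssl_cipher` after connecting catches a client build or option set that would otherwise fall back to an unencrypted session without raising an error.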