in reply to
Tunneling DBD::mysql connections over SSH without using external programs
May I cordially suggest that this is a perfect application for VPN ... whether you do it in local software or even in the built-in VPN capability of a modern router device.
Simply establish a secure tunnel to the target system, preferably using digital certificates, and the entire problem goes away. The two systems simply talk to one another, over what appear to each of them to be a “local” connection, and .. mirabile dictu! .. the connection is secure! Courtesy of a third-party agent that is quite unknown to (and therefore, no longer a concern to) either of them. They no longer have to take any special steps at all to secure the connection ... they may simply take for granted that it is. “Priceless!”™