I've been using a simple SSH tunnel to connect to remote database server from my local Mac. This worked fine in Monterey, but stopped working on Ventura.
I set up public keys, and I have verified that I can ssh into the remote server on both Operating Systems, i.e. this does not seem to be related to the issue where Ventura no longer supports certain older SSH encryption mechanisms, but just to be sure I set up an ED25519 private/public key pair which I use to connect to the remote server:
debug1: Server accepts key: /Users/xxx/.ssh/id_ed25519 ED25519 SHA256:xxx/U
debug3: sign_and_send_pubkey: using publickey with ED25519 SHA256:xxx/U
debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:xxx/U
debug3: send packet: type 50
debug3: receive packet: type 52
Authenticated to remote_host> ([remote_host>]:<remote_ssh_port>) using "publickey".
Here's the steps to reproduce - I am using 18881 as the local port:
Establish the SSH tunnel
ssh -p <remote_ssh_port> <remote_ssh_user>@<remote_host> -Nf -L 127.0.0.1:18881:127.0.0.1:3306Establish the DB Connection via mysql
mysql --user=<remote_db_user> --password=<remote_db_password> --host=127.0.0.1 --port=18881
Now when I run the above sequence, I get the MySQL prompt when running it on Monterey...
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1088
Server version: 10.5.15-MariaDB-0+deb11u1 Debian 11
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
but on Ventura, I just get
ERROR 2002 (HY000): Can't connect to server on '127.0.0.1' (60)
even though it seems there is a process listening - netstat -an | grep 18881 returns
tcp4 0 0 127.0.0.1.18881 *.* LISTEN
on Ventura, whereas if I run this on Monterey I see the successfully established connection:
tcp4 0 0 127.0.0.1.18881 127.0.0.1.61873 ESTABLISHED
tcp4 0 0 127.0.0.1.61873 127.0.0.1.18881 ESTABLISHED
tcp4 0 0 127.0.0.1.18881 *.* LISTEN
When I run the ssh tunnel in verbose mode (-v -v -v), I see absolutely nothing happening in Ventura, whereas in Monterey, as expected, I see
debug1: Connection to port 18881 forwarding to 127.0.0.1 port 3306 requested.
debug2: fd 7 setting TCP_NODELAY
debug3: fd 7 is O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 1: new [direct-tcpip]
debug3: send packet: type 90
debug3: receive packet: type 91
debug2: channel 1: open confirm rwindow 2097152 rmax 32768
However I can do an SSH tunnel to a different service, i.e. if I swap the MySQL port of 3306 with the SSH port itself and run
ssh -p <remote_ssh_port> <remote_ssh_user>@<remote_host> -Nf -L 127.0.0.1:18881:127.0.0.1:22
I can then ssh into the remote machine with ssh -p 18881 <remote_ssh_user>@127.0.0.1 without any issues.
And...I was using MariaDB (mysql Ver 15.1 Distrib 10.9.3-MariaDB, for osx10.17 (x86_64) using EditLine wrapper) client side libraries when getting the abobe error; I switched to MySQL (Ver 8.0.31 for macos13.0 on x86_64) ... and got a different error: ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0 and this output from the tunnel:
debug1: Connection to port 18881 forwarding to 127.0.0.1 port 12998 requested.
debug2: fd 7 setting TCP_NODELAY
debug3: fd 7 is O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 1: new [direct-tcpip]
debug3: send packet: type 90
debug3: receive packet: type 91
debug2: channel 1: open confirm rwindow 2097152 rmax 32768
debug2: channel 1: read failed rfd 7 maxlen 32768: Broken pipe
debug2: channel 1: read failed
debug2: chan_shutdown_read: channel 1: (i0 o0 sock 7 wfd 7 efd -1 [closed])
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug3: send packet: type 96
debug2: channel 1: input drain -> closed
debug3: receive packet: type 96
debug2: channel 1: rcvd eof
debug2: channel 1: output open -> drain
debug2: channel 1: obuf empty
debug2: chan_shutdown_write: channel 1: (i3 o1 sock 7 wfd 7 efd -1 [closed])
debug2: channel 1: output drain -> closed
debug3: receive packet: type 97
debug2: channel 1: rcvd close
debug3: channel 1: will not send data after close
debug2: channel 1: send close
debug3: send packet: type 97
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: direct-tcpip: listening port 18881 for 127.0.0.1 port 12998, connect from 127.0.0.1 port 55652 to 127.0.0.1 port 18881, nchannels 2
Any ideas what I can do to make the SSH tunnelling work for MySQL on Ventura ?
