Question

How to connect to Managed MySql cluster using jump server

Posted October 26, 2021 152 views
MySQLDigitalOcean VPC

We have a managed MySQL cluster at DigitalOcean, and we want to allow direct access to our dev team to work on that database, without having to add their IP address to trusted sources every time their local IP gets changed.

The question now is, can we use a droplet as a jump server, so our dev team can ssh tunnel through this server to the database, and we add only this jump server to the trusted sources.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hi @msmongez,

Yes, you can use droplet as a jump server to connect to MySQL managed database cluster.

https://docs.digitalocean.com/products/databases/mysql/how-to/secure/

Regards,
Rajkishore

  • Thanks Rajkishore.

    I’ve seen your link, but it’s not what we need. We want dev team to ssh tunnel to db through jump server, so they can use their gui tools normally on their machines

    • Hi @msmongez,

      You can follow the below steps to accomplish this:

      1. Create a new droplet to use as a jump server
      2. Add Droplet ID to MySQL managed database trusted source.
      3. Run the below command to set up the SSH tunnel.
      ssh -N -L 25065:db-mysql-xxx-xxxxxx-do-user-xxxxxxxx-0.b.db.ondigitalocean.com:25060 root@droplet-ip
      
      -N 
      do not execute a remote command (useful for forwarding ports)
      -L
      forward local port to remote port
      

      Once the SSH tunneling is done, you will be able to connect to
      MySQL managed database from your local machine without
      having to add local machine IP to the trusted source.

      mysql -u doadmin -ppassword -h 127.0.0.1 -P 25065 -D defaultdb
      

      you can use the host 127.0.0.1 and port 25065 (which you have mentioned) to connect from GUI tools.

      I hope this helps!

      Regards,
      Rajkishore