how to create a secure connection for workbench to mysql

September 24, 2013 11.2k views
Hi, I was trying to use workbench for mysql I did the following sudo iptables -I INPUT -p tcp -m tcp --dport 3306 -j ACCEPT sudo iptables-save | sudo tee /etc/iptables/rules.v4 However, it doesn't work... it does not connect (from workbench) I also think that is not a secure connection... maybe I need to use ssl? My rules.v4 looks like this Generated by iptables-save v1.4.14 on Tue Sep 24 16:38:30 2013 *filter :INPUT ACCEPT [87:7016] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [74:6968] -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT COMMIT # Completed on Tue Sep 24 16:38:30 2013 However, I notice that 3306 is already open based on this file, before -A INPUT (in :INPUT ACCEPT) or do I have to create a VPN to have a more secure connection? I would like to be able to use mysql workbench By the way, I'm running MariaDB on Debian 7 64 bits
4 Answers
Make sure MySQL is listening on 0.0.0.0 and not 127.0.0.1:

sudo nano /etc/mysql/my.cnf


Set bind-address to 0.0.0.0, save, and restart mysql.
Also I would suggest to not open 3306 to the internet. Either restrict the access to your IP address, or even better, keep 3306 closed and ssh tunnel through your box to gain access to mysql running locally on it's socket.

MySQL Workbench works without any configuration necessary. When making a new connection, select "Standard TCP/IP over SSH", then change the SSH and MySQL parameters as necessary. (You should probably keep the SQL server IP address as 127.0.0.1.)

Have another answer? Share your knowledge.