SSH stands for Secure SHell and is typically used as an encrypted version of telnet. SSH allows you to access a remote server's shell without compromising security. In a telnet session all communications, including username and password, are transmitted in plain-text, allowing anyone with adequate resources to listen-in on your session and steal passwords and other information. Such sessions are also susceptible to session hijacking, where a malicious user takes over your session once you have authenticated. SSH serves to prevent such vulnerabilities.
When a mysql client communicates with the MySQL server, all communication (with the exception of the user password) is done in plain text. What this means is that if an unscrupulous individual gets between your client and the server, they can have full access to all information transmitted. In order to protect your information you need to encrypt communications between the MySQL server and the GUI client.
SSH can be used to encrypt communications between the client and server. This is known as SSH port forwarding or SSH tunneling. One benefit of SSH port forwarding is that we can connect to a MySQL server from behind a firewall when the MySQL server port is blocked.
SSH will listen on a specified port on the client machine, encrypt the data it receives, and forward it to the remote SSH host on port 22 (the SSH protocol port). The remote SSH host will then decrypt the data and forward it to the MySQL server. The SSH host and the MySQL server do not have to be on separate machines, but separate SSH and MySQL servers are supported.
To perform port forwarding between a MySQL client application and the MySQL server, you will need a SSH login account for port forwarding. This account needs to either be located on the server running MySQL, or on a machine that can be accessed remotely via SSH and which in turn has network access to the MySQL server.
In this example, we are specifying that port 3306 on your client machine should be forwarded to the remote server. If the port 3306 is already used (i.e. for local MySQL server), change the source port setting to any value > 1024. To check ports availability, start the Windows command line client and enter netstat -a.
When the remote SSH host is on a different machine than the MySQL server, replace 127.0.0.1 with the IP address of the MySQL server (relative to the SSH host). Never use "localhost" for hostname.
Note that the username and password used on this page are the values of your MySQL account and NOT SSH shell access
MySQL port is a remote port that will be forwarded to the local port entered on previous page. All other values are your SSH shell access settings.
If you have never used SSH shell with this server before, you will be probably see a PuTTy security alert. Click Yes to update register registry keys. Wait for the timeout (30 s by default) and try again.
If you see the SQL message "Connection lost during query", that means, that TCP networking is not allowed in my.cnf settings and your MySQL server doesn't listen on a TCP/IP port at all. This can be a security enhancement, if all processes that need to connect to mysqld run on the same host. All interaction with mysqld must be made via Unix sockets or named pipes. Your MySQL is very secure, but you can manage it only via SSH terminal command line and never over TCP/IP
However, if you have full access to the server, you can edit my.cnf to allow communication over TCP/IP
Download a file my.cnf (usually /etc/my.cnf)
Locate a line # skip-networking and uncomment it or add a new line in section [mysqld]
Save and upload my.cnf file.
Restart your MySQL server.
If terminal window is currently active, enter /etc/init.d/mysql restart
If not, simply double-click a new connection to start a terminal window, wait for connection and enter the command from above.