Connecting using SSH Tunneling

What Is SSH?

The Acronym SSH stands for Secure Shell Host. There are a couple of ways that you can access most systems. The most common way is to use a telnet program such as the one called telnet (for Unix and Windows). Accessing a shell account in this fashion though poses a danger in that everything that you do over that telnet session is visible in plain text on your local network, and the local network of the machine you are connecting to.

As one solution SSH was created to encrypt the data being sent over the network as well as provide an option that prevents passwords from being ever passed over the network. SSH can use several different forms of encryption, anywhere from 56 to 1024 bit. SSH has been ported to Operating Systems on several platforms including Linux, Microsoft Windows and Macintosh.

What Is SSH Tunneling?

SSH can be used to encrypt communications between SQLyog and your remote MySQL server. This is known as SSH tunneling and is actually quite simple to use.

Benefit of SSH Tunneling

Many hosting companies that provide MySQL hosting will block access to the MySQL server from outside the hosting company's network, and only grant access to users connecting from  localhost or from a machine within the network. The major benefit of SSH tunneling is that it allows us to connect to a MySQL server from behind a firewall when the MySQL server port is blocked. As long as the hosting company provides SSH access, you can still connect through SQLyog SSH Tunneling option.

Setting up SQLyog for SSH Tunneling

Select  SSH tab in the connection window.

SQLyog gives you the option of using  either password authentication or private/public key authentication with SSH tunneling. Most users use password authentication. The details for this option are:

Username Username to access the SSH server (Note: not the MySQL server).
Password Password to access the SSH server (Note: not the MySQL server).
SSH Host Address of the machine on which SSH server is running.
SSH Port Port on which SSH server is listening. By default, it is 22.

To understand the setup better, let us connect to a MySQL server using a real life example.E.g. Your website is hosted on 234.56.65.78. This server also has SSH server running and listening on port 22. Your MySQL server is located on server 234.56.65.79. This machine only allows connection from localhost or machine within the same network (e.g. 234.56.65.78). You publish your website on 234.56.65.78 using the username and password provided by your ISP. Ex. the username and password provided is ssh_user and ssh_pwd respectively.

In this particular case you have to put in the following value for various options:

MySQL Tab
MySQL Host Address localhost
Username Your mysql user name.
Password Your mysql password.
Database The database that you want to connect to. You can leave this field blank.
Port The port MySQL is listening. By default it is 3306.
SSH Tab
Username ssh_user
Password ssh_pwd
SSH Host 234.56.65.78
SSH Port 22

Note that the MySQL Host Address is entered as 'localhost'. That will most often be the case. The MySQL server and the SSH daemon then runs on the same machine or at least the same protected network and some routing system on the network takes care of the rest. You could in principle enter '234.56.65.78' for the MySQL server as well but in some cases the SSH configuration will not allow for the use of a 'global ip'. Finally you could need to enter '234.56.65.79' if the SSH daemon runs on '234.56.65.78' and the MySQL server on '234.56.65.79'. But note then that all communication between the machines '234.56.65.78' and '234.56.65.79' is not encrypted. As long as they both are on the same protected network it is normally not a problem. But connection from the SSH daemon running on one server to a MySQL server outside the protected network can be. That will however also only be needed in very special situations. And if you need to do so, you probably need not read this!


The  public/private key authentication adds an additional layer of security. If you check this option you must still provide a password (what is now named a 'passphrase') and you must enter the path and name of the file that contains your private key. To have your account set up for public/private key authentication you should contact your System Administrator. Key files to be used with SQLyog must be in .ppk -format (same format as used by the SSH shell program 'Putty').

Note:This feature is available in SQLyog Professional, Enterprise and Ultimate.