When you want to share your local MySQL database with a friend but don’t have a public IP, you can use an EC2 instance as an intermediary. In this guide, I’ll walk you through how to set up a reverse SSH tunnel from your local machine (running MySQL) to your EC2 instance so your friend can access your database securely.
Prerequisites
Before you begin, make sure you have:
- A Local Machine Running MySQL: Your local machine should have MySQL running (default port 3306).
- An AWS EC2 Instance: The EC2 instance must have a public IP address. You’ll use this server to act as the gateway for your tunnel.
- SSH Access: You should be able to SSH into your EC2 instance from your local machine. Make sure your SSH keys are properly configured.
- Basic Terminal and SSH Knowledge: Familiarity with command-line operations and SSH is required.
Step 1: Prepare Your EC2 Instance
1.1. Configure the Security Group
Log in to your AWS Management Console and navigate to your EC2 instance’s security group. Edit the inbound rules to allow traffic on a port that will be used for tunneling (e.g., port 3307).
- Protocol: TCP
- Port Range: 3307
- Source: (Limit access to your friend’s IP or a safe range)
1.2. Enable Gateway Ports
By default, the SSH daemon on your EC2 instance binds remote-forwarded ports to the loopback address only, so remote hosts cannot connect to them. To change this:
- SSH into your EC2 instance.
- Open the SSH configuration file:
sudo nano /etc/ssh/sshd_config
- Find and update (or add) the following line:
GatewayPorts yes
- Save the file and restart SSH:
sudo systemctl restart sshd
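This change makes forwarded ports listen on all interfaces of the EC2 instance, so the tunnel accepts connections from any host. The security group rule from step 1.1 is then what limits who can actually reach it.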
Step 2: Establish the Reverse SSH Tunnel from Your Local Machine
On your local machine (where MySQL is running), set up a reverse SSH tunnel to forward a port on your EC2 instance to your local MySQL port.
Run this command from your local terminal:
ssh -R 3307:localhost:3306 ec2-user@<EC2_PUBLIC_IP>
- -R 3307:localhost:3306 : This instructs SSH to forward port 3307 on the EC2 instance to port 3306 on your local machine.
- ec2-user@<EC2_PUBLIC_IP> : Replace <EC2_PUBLIC_IP> with your EC2 instance’s public IP address and adjust ec2-user if your EC2 instance uses a different default username.
Once the command runs successfully, any connection to EC2_PUBLIC_IP on port 3307 will be forwarded to your local MySQL instance.
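To confirm on the EC2 instance how the forwarded port from steps 1.2 and 2 is actually bound, the following added example (not part of the original guide) classifies the listener from `ss -ltn` output. The function name `listener_scope` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where a forwarded port is listening on the EC2 instance.
# With the tunnel up, run:  ss -ltn | listener_scope 3307

# Reads `ss -ltn` lines on stdin and prints one of:
#   none            nothing is listening on the port (tunnel is down)
#   loopback        bound to 127.x / ::1 only (GatewayPorts is not in effect)
#   all-interfaces  bound to 0.0.0.0 / [::] (reachable subject to the security group)
#   specific        bound to one particular non-loopback address
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            local_addr = $4
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)   # drop an interface suffix such as %lo
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wild = 1
            else if (addr ~ /^127\./ || addr == "[::1]")            loop = 1
            else                                                    other = 1
        }
        END {
            if (wild)       print "all-interfaces"
            else if (other) print "specific"
            else if (loop)  print "loopback"
            else            print "none"
        }'
}

# Constructed sample output: tunnel up with GatewayPorts yes
SAMPLE_GATEWAY_YES='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3307 0.0.0.0:*
LISTEN 0 128 [::]:3307 [::]:*'

# Constructed sample output: tunnel up with the default setting
SAMPLE_GATEWAY_NO='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3307 0.0.0.0:*
LISTEN 0 128 [::1]:3307 [::]:*'

echo "GatewayPorts yes: $(printf '%s\n' "$SAMPLE_GATEWAY_YES" | listener_scope 3307)"
echo "default config:   $(printf '%s\n' "$SAMPLE_GATEWAY_NO" | listener_scope 3307)"
```

A result of loopback after step 1.2 means sshd has not picked up the GatewayPorts change, and your friend’s connection to port 3307 will be refused even though the tunnel is up.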
Tips for Persistence
To keep the tunnel alive even if the connection drops, consider using autossh. This tool automatically restarts your SSH session if it disconnects.
Step 3: Connect to MySQL Remotely
Now, share these connection details with your friend:
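- Host: <EC2_PUBLIC_IP>
- Port: 3307
- MySQL Credentials: Your MySQL username and password

Your friend can now use any MySQL client (e.g., MySQL Workbench, command-line client) to connect using the above parameters. The traffic is carried from the EC2 instance to your local machine inside the SSH tunnel. The leg from your friend’s client to port 3307 on the EC2 instance is outside the tunnel, so it is encrypted only if the MySQL client and server negotiate TLS.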
For example, using the MySQL command-line client:
mysql -h <EC2_PUBLIC_IP> -P 3307 -u your_mysql_user -p
Security Considerations
- Use Strong Credentials: Ensure that your MySQL user has a strong password and only the required privileges.
- Limit Access: Restrict the allowed IP addresses in your EC2 security group to trusted sources.
- Monitor Activity: Regularly check logs on both your EC2 instance and MySQL server to ensure there’s no unauthorized access.