Re: SSH Server for MySQL-5.0.22 Server on WinXP-SP2

Hi,

We tried recompiling the source code with SSL enabled for MySql
(according to the instructions/flags, this is for Linux) but when we run
the MySql server and ran the "show variables;" command from within the
mysql prompt, the "have_openssl" variable indicates "DISABLED" so we
don't believe that SSL is enabled. Anyone know the exact flag(s) that we
are supposed to use to compile MySql to get the SSL port enabled? Or is
there something special that we need to do when running MySql in order
to start it with SSL running? On which port is MySql listening on, I
believe 3306 is the standard port but we couldn't figure out where the
default SSL port is?

Thanks for any info - Alan

Welsh, Armand wrote:
> The windows IPSec is not the only IPSec solution for windows. I do not
> recommend using openVPN nor SSH for this type of connection, your best
> bet is a low level IPSec protocol, or SSL support for MySQL. If you add
> too many intermediate layer, you will definitely observe performance
> issues. If you do not like the windows IPSec solution, then definitely
> invest the time into learning how to build MySQL from source. It will
> be well worth the investment in time.
>
> The biggest drawback for using openVPN is not so much the performance,
> it would be the added complexity. openVPN lends itself very well to a
> linux environment, where network interfaces are easily redirected, but
> no so easily to windows. I don't mean to say that it can't be used,
> just that it may not be the best choice. If you keep things simple,
> your application will be more reliable.
>
>
> Regards,
> ___________________________
> Armand Welsh
> AVP, Information Security
> State Street IMS
> 42 Discovery
> Irvine, CA 92618-3105
> t: 949-932-1415 / f: 949-719-4192
>
>
>
>
> -----Original Message-----
> From: ssh@erdelynet.com [mailto:ssh@erdelynet.com] On Behalf Of Asif
> Lodhi
> Sent: Sunday, August 06, 2006 11:40 PM
> To: ssh@erdelynet.com
> Subject: Re: SSH Server for MySQL-5.0.22 Server on WinXP-SP2
>
> Hi Mike,
>
> Thanks for replying.
>
> On 8/7/06, Mike Erdely <mike@erdelynet.com> wrote:
>
>> Asif Lodhi wrote:
>>
>>> .......................
>>> I have also taken a look at the
>>> openVPN - that's also a very good solution but my understanding is
>>> that I'll have to re-compile MySQL from scratch if I want to use
>>>
> SSL.
>
>>> Please correct me if I am wrong. I guess compiling from source is
>>> NOTTTTTT a very easy process as far as Windows is concerned.
>>>
>> Uhh... It seems you're seriously misunderstanding the difference
>>
> between
>
>> SSH, SSL, OpenVPN and encrypted connections to MySQL.
>>
>
> I only need to encrypt my network traffic. I understand SSH is good
> for getting occasional access to the server for management tasks but
> having each user to connect to the server using SSH would be a bit of
> an overkill. OpenVPN provides encryption as well - as far as I know
> using SSL. AFAIK, MySQL doesn't come bundled with SSL support and
> I'll have to recompile MySQL to get it accept connections from
> SSL-enabled clients.
>
>
>> Where are these 50 clients connecting from? The LAN, their homes?
>>
> ...........
>
>> network cards that encrypt all traffic as it hits the wire.
>>
>
> I have to live with whatever network cards are available.
>
>
>> You can use the built in IPsec tunneling in Windows.
>>
>
> Windows' built-in IPSec is tooooooo complex to manage. In addition, I
> want to manage it in a way so that I can migrate my application to
> Linux later on when users are satisfied with the database performance
> and everything. So opensource encryption options are very attractive
> to me - OpenVPN, OpenSSH, copSSH, etc.,
>
>
>> Recompiling MySQL for SSL support is a completely separate option from
>> SSH or VPN. You'd probably have to recompile the MySQL clients (or
>>
> use
>
>> a different library or whatever you're doing to connect to the
>>
> server).
>
> All I am anxious about is whether I will achieve encrypted access to
> MySQL-5.0.22 on WinXP2-SP2 from VB6/Windows clients if I use OpenVPN?
> Will it work _without_ recompiling it from source? Actually, I read
> some comments online at mysql.com which said MySQL doesn't come
> bundled with SSL support and you have to recompile it to get it
> working.
>
> Any more comments?
>
> --
> Thanks in advance,
>
> Asif
>
> --
> List Info: http://erdelynet.com/ssh-l/
> List Archives: http://erdelynet.com/archive/ssh-l/
> To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.com
>
>
>
>
>
> --
> List Info: http://erdelynet.com/ssh-l/
> List Archives: http://erdelynet.com/archive/ssh-l/
> To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.com
>
>
>
>
>

--
List Info:      http://erdelynet.com/ssh-l/
List Archives:  http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.com