SSH Tunneling in Connector/Net

A couple of years ago, MySQL Connector/Net shipped with a feature that allowed the connector to automatically create a SSH “tunnel” to a remote MySQL host. This could be useful in that it allows a remote MySQL host to only run with a secure port and a local client could connect to a local port to access it. We wrote about that feature in a blog post you can read here.

Today we are announcing that starting with the 8.0.24 release we are removing that feature. We decided to take this action for a few reasons. First, very few people were actually using the feature. Including a security sensitive feature that few people use is something we always want to examine. In addition, we were starting to encounter some friction between the encryption methods and ciphers that library supported and those that we wanted to support as an official Oracle product. And lastly, and as I’ll demonstrate with the following code, using the library to create your own tunnels is incredibly easy. By removing this library from our connector it helps to simplify our code paths possibly resulting in faster connections and fewer bugs and makes it clearer in your application code exactly what is happening.

To demonstrate how easy it is to create your own tunnels, do the following. First install the SSH.Net library found at https://github.com/sshnet/SSH.NET/. Then in your code you can do something like the following:

var key = new PrivateKeyFile(PrivateKeyPath,SSHServerPassword);
var method = new PrivateKeyAuthenticationMethod(SSHServerUserName, key);
ConnectionInfo conn = new ConnectionInfo(SSHServerHost, SSHServerPort, SSHServerUserName, method);

SshClient = new SshClient(conn);
SshClient.Connect();

ForwardedPortLocal forwardedPortLocal = new ForwardedPortLocal("127.0.0.1",3306, MySQLHost, MySQLPort);
SshClient.AddForwardedPort(forwardedPortLocal);
forwardedPortLocal.Start();

// Connector/Net can now connect to 127.0.0.1:3306 to connect to the remote MySQL host.

By splitting out the library it allows the end user to use all the features of the tunneling library to create the tunnel in just the way that is required and upgrade the tunneling library at the speed they are comfortable with.

We’re sorry for any inconvenience this might cause but we feel like this serves our customers better.