Sometimes it's very useful to directly connect tools (i.e. a database management tool) that runs on a developer or administrator PC, to a daemon on a server (i.e. mysql server) that is only available locally with the server for security reasons.

Example introduction

For the following tunnel examples we assume:

DO NOT bother to try using those credentials, it might get your IP blocked!


OpenSSH is the default ssh implementation for most Linux distros, and even Microsoft has announced an agreement to include it in Windows.

I'm not sure how equal or similar other Unix ssh clients (like BSD, MacOS) are.

To create a tunnel that stays in foreground:

# stay in forground, may be put in background by pressing Ctrl-Z and the command bg
ssh -L 3333: -N
# go in background, a bit difficult to stop
ssh -f -L 3333: -N
# evtl. check that ssh listens on 3333
lsof -i -n |grep -i listen |grep 3333

Test connect to the database:

mysql -h -P 3333 -u dbtester --password=testsecret testdb


To close the tunnel, abort or kill the according ssh process (ctrl-c, evtl. after fg to get it back to the foreground).


Putty is the most common ssh client for Windows. Hints for setting up key-based ssh access with Putty can be found everywhere on the internet, we'll focus on tunneling here.
Just one hint anyway: With ssh keys, have pagent running. Simply double-klick the .ppk file or even put it in your autostart group.

To setup the tunnel:

Now a putty window should open, you should be on as webadmin., and the tunnel should be up.

To check if there's a tunnel, open a Command window and use netstat like this:

netstat -a -n |find "3333"
# output should show something like


To close the tunnel, just close the according putty terminal, preferrably by entering exit.