Java 2 Ada

Using phpMyAdmin with a remote mysql on the ReadyNAS Duo

By stephane.carrez

This article explains how to setup and use phpMyAdmin with a MySQL server running on the ReadyNAS duo. This configuration does not require installing phpMyAdmin on the ReadyNAS. Instead it provides a secure configuration while allowing to administer the database remotely. The idea is to use an SSH tunnel to establish a secure connection to the MySQL server. This article deals with the ReadyNAS duo but it can be applied to any MySQL server (I've used this mechanism for the administration of Planzone).

Creating the SSH Tunnel

The ssh tunnel is created when we use the ssh -L option. The first port (3307) specifies the local port and localhost:3306 specifies the MySQL port on the remote endpoint. The tunnel is active only when we are connected with ssh. This is useful to guarantee that nobody can access the MySQL server while we are not connected. The MySQL traffic will also be encrypted by SSH. On your host, type the following command (replace pollux by your ReadyNAS host name).

$ ssh -L 3307:localhost:3306 -l root pollux
root@pollux's password: 
Linux nas-D2-24-F2 2.6.17.8ReadyNAS #1 Tue Jun 9 13:59:28 PDT 2009 padre unknown
nas-D2-24-F2:~#

Keep this connection open until you don't need the tunnel any more. As soon as you exit, the tunnel will be closed.

Setting up MySQL server

By default the MySQL server does not listen on any TCP/IP port but instead it uses Unix sockets (Unix sockets are faster and listening on TCP/IP ports could create security leaks if not done correctly). For the ssh tunnel to work, the MySQL server must listen on the a TCP/IP port on the localhost address.

Look at the configuration file /etc/mysql/my.cnf and make sure it contains the following lines (uncomment bind-address and comment the skip-networking):

socket        = /var/run/mysqld/mysqld.sock

port          = 3306
bind-address  = 127.0.0.1
#skip-networking

You should then restart MySQL if you changed the configuration file:

nas-D2-24-F2:/ # /etc/init.d/mysql stop
nas-D2-24-F2:/ # /etc/init.d/mysql start

Setting up mysql grant

A grant definition is necessary so that we can connect to MySQL server on the TCP/IP port. From the MySQL server point of view, the connection is from the localhost (the tunnel endpoint on the ReadyNAS). Connect to MySQL and type the following commands (you can use pwgen to make a password on Ubuntu):

mysql> grant all privileges on *.* to 'root'@'127.0.0.1' identified by 'Lugo6cho';
Query OK, 0 rows affected (0.04 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)

Testing the connection

On another terminal window, try to connect to the MySQL server through the tunnel.

zebulon $ mysql -u root --host 127.0.0.1 --port 3307

If the client fails with Can't connect to MySQL server on '127.0.0.1' (111), verify that the tunnel is up and that the port is correct. If the client fails with Access denied for user 'root'@'127.0.0.1' , verify the MySQL access rights and update the grant.

Update phpMyAdmin configuration

Now, we just need to add the tunnel local endpoint to the phpMyAdmin configuration. For this, add the following lines to the phpMyAdmin configuration file (/etc/phpmyadmin/config.inc.php on Ubuntu).

$cfg['Servers'][$i]['host'] = '127.0.0.1'; 
$cfg['Servers'][$i]['port'] = '3307';
$cfg['Servers'][$i]['connect_type'] = 'tcp'; 
$cfg['Servers'][$i]['AllowNoPassword'] = FALSE;

$i++;

Now, connect to your phpMyAddmin and login on the 127.0.0.1:3307 configuration. Once you are logged in, you'll administer the remote MySQL server.

To add a comment, you must be connected. Login to add a comment

Connecting to a ReadyNAS duo using SSH

By stephane.carrez 6 comments

Before you start, you must be aware that there is a risk that you break your ReadyNAS. You should not do this unless you really understand what it is doing.

Installing the EnableRootSSH extension

The first step is to install the addon which allows you to connect to your ReadyNAS using ssh:

  1. Download the EnableRootSSH extension. I've used the following link: http://www.readynas.com/download/addons/4.00/EnableRootSSH_1.0.bin
  2. Go in the ReadyNAS FrontView with your browser and go to System -> Update -> Local Update
  3. Upload the EnableRootSSH binary file. The ReadyNAS verifies that content and if it is correct it displays a description of the addon.
  4. Acknowledge the installation of the addon

After installation, the ReadyNAS must be restarted. Shortly after, you will receive an email:

Subject: Addon Package Progress (nas-XX-XX-XX)
Successfully enabled root SSH access.  The root password is now the same as your admin password.

Connecting to the ReadyNAS using ssh

With the EnableRootSSH extension in place, you can easily connect using ssh. The RSA key fingerprint of your ReadyNAS is prompted and you must accept it in your known_hosts.

$ ssh -l root pollux
The authenticity of host 'pollux (192.168.1.6)' can't be established.
RSA key fingerprint is 01:c8:00:b4:56:5a:f9:fe:2d:73:9a:b0:55:a1:31:2f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'pollux,192.168.1.6' (RSA) to the list of known hosts.
root@pollux's password:
Linux nas-D2-24-F2 2.6.17.8ReadyNAS #1 Fri Sep 19 15:04:06 PDT 2008 padre unknown
nas-D2-24-F2:~# 

Exploring the ReadyNAS

Since the ReadyNAS runs a Debian Sarge with a GNU/Linux 2.6.17 kernel, you can easily explore the system.

CPU and Memory

The CPU is a Sparc-V8 (LEON) that Infrant has optimized for their needs. It integrates hardware RAID, the gigabit Ethernet and 4 SATA channels, a 64-bit DDR SRAM controller, a DMA, a 3 DES engine and a PCI/USB interface.

nas-D2-24-F2:~# cat /proc/cpuinfo
cpu             : Infrant Technologics, Inc. - neon version: 0
fpu             : Softfpu
ncpus probed    : 1
ncpus active    : 1
BogoMips        : 186.36
MMU             : version: 0
LP              : HW.FW version: 0.1
FPGA            : fpga000000-0 Configuration: 0
AHB arbitraion  : 7
CPU id          : 0
Switch          : 0
ASIC            : IT3107

And the memory:

nas-D2-24-F2:~# cat /proc/meminfo
MemTotal:       226384 kB
MemFree:        146560 kB
Buffers:         15440 kB
Cached:          42352 kB
SwapCached:          0 kB
Active:          61776 kB
Inactive:        22944 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       226384 kB
LowFree:        146560 kB
SwapTotal:      255968 kB
SwapFree:       255968 kB
Dirty:               0 kB
Writeback:           0 kB
Mapped:          39712 kB
Slab:             5488 kB
CommitLimit:    391792 kB
Committed_AS:    72048 kB
PageTables:          0 kB
VmallocTotal:   131008 kB
VmallocUsed:      1120 kB
VmallocChunk:   129408 kB

Disks

The system is installed on the hard disk. It appears to use arround 1.9G from my 1Tb disk.

nas-D2-24-F2:/usr# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hdc1             1.9G  224M  1.7G  12% /
tmpfs                  16k     0   16k   0% /USB
/dev/c/c              925G  543M  924G   1% /c

Other interesting commands:

The following commands are interesting to explore the system and learn more about it:

dpkg -l         List of installed packages
netstat -ln   Network open ports (TCP/UDP/Unix)
top              Top running processes
ps aux         List all running processes

Next step

The next step for me is to see if I can install the Bacula Storage Daemon and see if my bacula server is able to connect to it directly.

6 comments
To add a comment, you must be connected. Login to add a comment