Hi Paul!


I'll try this idea.



On Mon, May 13, 2013 at 7:21 PM, Paul Ebermann <Paul-Ebermann@gmx.de> wrote:
Leonardo K. Shikida wrote:
> I would like to use JSch to create a secure tunnel to the target host
> and use this tunnel to transport bytes for a mysql connection. But I
> would not like that this tunnel would be accessible from any other user
> logged in the same machine.
> Is that feasible?

From the JSch side, yes.

Don't use the port forwarding functions (which create local sockets),
but start a direct-tcp channel, and write/read from its pair of Streams.

I used this to tunnel a JSch connection through a JSch connection.

The problem now is: How do we tell the JDBC driver to use the tunnel
instead of opening a new Socket?

It looks like there is a socketFactory configuration property for the
MySQL JDBC driver:

Though that property provides the class name, not an object, so you'll
have to pass your JSch Session through a static or thread-local static
variable to that class. Not optimal. Complain to MySQL so they provide a
method to configure that using objects instead of class names.

In the Socket factory's connect() method you'll then have to create an
instance of a custom subclass of Socket whose 'getInputStream' and
'getOutputStream' methods return the streams from the Channel.

Good success
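
A sketch of the approach described in the message above, added as an example; it is not code from the thread, from JSch or from MySQL. It assumes the Connector/J 5.1 `com.mysql.jdbc.SocketFactory` interface (`connect`, `beforeHandshake`, `afterHandshake`); the class name `SshTunnelSocketFactory` and the `SESSION` thread-local are hypothetical.

```java
import com.jcraft.jsch.ChannelDirectTCPIP;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.util.Properties;

// Hypothetical factory, named in the JDBC URL as ...?socketFactory=SshTunnelSocketFactory
public class SshTunnelSocketFactory implements com.mysql.jdbc.SocketFactory {
    // The driver property carries only a class name, so the authenticated Session
    // is handed over per thread; set it before DriverManager.getConnection().
    public static final ThreadLocal<Session> SESSION = new ThreadLocal<Session>();
    private Socket socket;
    @Override
    public Socket connect(String host, int port, Properties props) throws IOException {
        Session session = SESSION.get();
        if (session == null || !session.isConnected()) {
            throw new IOException("no connected JSch Session set for this thread");
        }
        try {
            // direct-tcpip: the SSH server dials host:port (resolved on the server side);
            // no listening socket exists on the client for other local users to reach.
            ChannelDirectTCPIP ch = (ChannelDirectTCPIP) session.openChannel("direct-tcpip");
            ch.setHost(host);
            ch.setPort(port);
            InputStream in = ch.getInputStream();   // fetch both streams before connect()
            OutputStream out = ch.getOutputStream();
            ch.connect(10000);                      // channel-open timeout in milliseconds
            socket = new ChannelSocket(ch, in, out);
            return socket;
        } catch (JSchException e) {
            throw new IOException("could not open direct-tcpip channel", e);
        }
    }

    @Override public Socket beforeHandshake() { return socket; }
    @Override public Socket afterHandshake() { return socket; }
    // Socket facade: the driver reads and writes the channel's streams, not a TCP socket.
    static final class ChannelSocket extends Socket {
        private final ChannelDirectTCPIP ch; private final InputStream in; private final OutputStream out;
        ChannelSocket(ChannelDirectTCPIP ch, InputStream in, OutputStream out) { this.ch = ch; this.in = in; this.out = out; }
        @Override public InputStream getInputStream() { return in; }
        @Override public OutputStream getOutputStream() { return out; }
        @Override public boolean isConnected() { return ch.isConnected(); }
        @Override public void close() { ch.disconnect(); }
    }
}
```

Closing the JDBC connection only disconnects the channel; the JSch `Session` stays open until the caller disconnects it.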

JSch-users mailing list