I need to secure MySQL database replication between two CentOS 5.7 servers. Server 1 has the live database, and replication is already working fine to Server 2 which is located elsewhere on the internet.
Obviously this isn't good as the replication traffic could easily be read, so it needs to be secured.
I created an SSH tunnel by entering this into the Server 2:
ssh -f root@server1ip -L 3305:server1ip:3306 -N
I confirmed I was able to successfully log into MySQL on Server 1 from Server 2 using:
mysql -h27.0.0.1 -uuser -ppassword -P 3305
Now, does this mean that the mysql replication is now all going over SSH automatically? Is there anyway I can confirm this? Or is Server 2 forced to connect to Server 1 over SSH because of this port forwarding rule I have established?
I noticed if I reboot Server 2, the SSH tunnel is gone when it restarts, but the replication continues (I assumed back in plain text). Is there something I can do make sure the replication stops when the tunnel drops? I want to make sure it won't automatically continue replicating in clear text without SSH.
Thank you!
Best Answer
You need to set the slave's replication master configuration so that it'll travel over the tunnel's bound port, instead of the external address of the replication peer: