SSH Port Forwarding: The Solution - MySQL

Without encryption, it is said that your data (including your MySQL log-in information) will travel as packets on the Internet in "clear text format." If a hacker (or anyone) sniffs that data using a third-party application, he or she will immediately see and understand the information. If the sniffed data is your MySQL log-in, it can be compromised.

The solution is to encrypt packets using SSH is to employ "Port forwarding" techniques. It is illustrated in the screen shot below:

If a MySQL GUI (HeidiSQL or MySQL query browser) connects to your MySQL server "securely," the first thing that will happen is that it will use a local host port other than the one that your local MySQL server is using. MySQL commonly uses Port 3306 for its communications. If you are developer, chances are you have MySQL installed locally, which also uses Port 3306.

To prevent any possibility of conflict, it will use Port 3307 locally, which is then detected by an SSH Client (Putty) and "port forward" to Port 3306 in your remote MySQL server. Of course, before your SSH client can accomplish this task, it must first be connected to your remote SSH server, which is your web host.

To enable port forwarding, you need to configure Putty to accomplish that job. The result is that the SSH client will sit "in between" your MySQL GUI and your hosting MySQL server. All traffic traveling from your SSH client (in your local computer) to your remote MySQL server Port 3306 has been encrypted using SSH.

To summarize, your MySQL GUI uses local port 3307, which is "port forwarded" by the Putty SSH Client to your remote MySQL server using standard MySQL port 3306. This is how the encryption of MySQL data has been accomplished.