Mysql – Why is a connection via an SSH tunnel presenting as 127.0.0.1 and not localhost

mariadbMySQL

I have defined a MariaDB user test@localhost and I have skip-name-resolve ON as recommended for performance reasons.

I'm able to connect with -hlocalhost -P3306 and so is my web application using the hostname "localhost".

If I attempt to connect via an SSH tunnel to "localhost" I receive the error that 'test'@'127.0.0.1' can't connect (as that user and host isn't defined).

In all three situations I've requested to connect to "localhost" from the same machine and for connections established from the server directly this appears to work. So why am I presenting to MariaDB as 127.0.0.1 via the SSH tunnel?

Supplementary question: Is there actually any point in enabling skip-name-resolve for this setup as from what I can see my web app is presenting itself as "localhost" and so there is no resolving going on and the only thing it's doing is preventing 127.0.0.1 being resolved to localhost when connecting via an SSH tunnel?

CentOS 7.6, MariaDB 5.5.64

Best Answer

All connections that were being made on the server to "localhost" were indeed using the Unix Domain Socket and authenticating with the test@localhost user.

I confirmed this with some tests:

mysql -utest -hlocalhost --protocol=SOCKET -P3306 -p  # worked (-P also redundant)
mysql -utest -hlocalhost --protocol=TCP -P3306 -p     # failed
ERROR 1045 (28000): Access denied for user 'test'@'localhost' (using password: YES)

The connection via the SSH tunnel was using TCP and as skip-name-resolve was ON was trying to login as test@127.0.0.1 rather than test@localhost.

Since my applications are running on the same server as the database and configured to connect to localhost/UDS, I see no benefit of turning skip-name-resolve ON as this just causes an additional problem when attempting to connect via the SSH tunnel to "localhost".

Related Question