Here is a neat trick to let you connect to mysql instances you've secured by making them, or certain users, socket only.
Firstly, as described in this article on the mozilla blog, ssh to your mysql box and use the socat utility to create a pipe from your mysql socket to a local TCP port.
sudo socat TCP-LISTEN:3308,reuseaddr,fork,su=nobody UNIX-CLIENT:/path/to/your/mysqd.sock
Next create an ssh pipe from your local machine to the matching port on the mysql box.
ssh -N -L 3308:localhost:3308 [email protected]
Finally simply connect with your mysql tool of choice to port 3308 (or whichever one you chose) on your localhost.