Pipe to a Socket Only mysql Server with SSH and SOCAT

Here is a neat trick to let you connect to mysql instances you've secured by making them, or certain users, socket only.

Firstly, as described in this article on the mozilla blog, ssh to your mysql box and use the socat utility to create a pipe from your mysql socket to a local TCP port.

sudo socat TCP-LISTEN:3308,reuseaddr,fork,su=nobody UNIX-CLIENT:/path/to/your/mysqd.sock

Next create an ssh pipe from your local machine to the matching port on the mysql box.

ssh -N -L 3308:localhost:3308 you@your.mysql.box

Finally simply connect with your mysql tool of choice to port 3308 (or whichever one you chose) on your localhost.