Effective February 15, 2021, the CodeGuard support center will be merging with the Sectigo support center. This means that support emails will come from support@codeguard.com, and the knowledge base will be hosted on sectigo.com. There will be no interruption of our services, and you will continue to receive top of the line support during and after this transition.

I can't connect using a SSH tunnel, but I know my credentials are correct

When using an SSH tunnel, there are three additional configuration steps that may be required by your hosting provider or system administrator.

1. The SSH tunnel option depends on the ability to map a port on your server to a local port on our backup server through the SSH connection. If the database is only listening on a local socket and not available on a TCP port, then we are not able to create that mapping. In order for this process to work successfully, your database must be listening on a TCP port like 3306.

2. It is possible that your host is configured to allow SSH, but tunneling is prohibited by the firewall rules. Specifically, these firewall rules impact outbound traffic from the loopback address ( Your system administrator or hosting provider should be able to update the firewall rules to allow for traffic leaving the host via a tunnel. 

3. Finally, the MySQL user grants may be restricting access. When CodeGuard connects to your database through a tunnel, we specify as the MySQL server hostname. If your MySQL user is only granted access to connect using 'localhost' then the connection attempt may be rejected.  You can test this from the MySQL prompt with the "SHOW GRANTS FOR CURRENT_USER;" command. You should see something like:


If you only see an entry for myuser@localhost and not myuser@ or myuser@%, then you'll need to add a grant for that user to connect with the address This can be done with the following command: "GRANT ALL PRIVILEGES ON . TO 'myuser'@'' WITH GRANTOPTION;"

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request