Trying to ssh tunnel to a remote service that is running on a localhost rather than a local IP is resulting in this error:
Got error: 2013: Lost connection to MySQL server at 'reading initial communication packet' / channel 2: open failed: connect failed: Connection refused
The reason this fails is because an SSH tunnel will normally try to talk to the remote host using its local IP (e.g. 192.168.0.1) instead of its localhost interface (127.0.0.1).
To resolve this, a double SSH tunnel can be setup (in this example, tunneling MySQL over port 3306 listening on 127.0.0.1 on the remote host):
PORT=`jot -r 1 2000 65000`
PORT2=`jot -r 1 2000 65000`
echo "Opening tunnel on random local port - $PORT"
ssh -f -L $PORT:192.168.2.10:22 admin@rd_fw -N
ssh -f -L $PORT2:127.0.0.1:3306 firstname.lastname@example.org -p $PORT -N
mysql -P $PORT2 -h 127.0.0.1 -u apkscan_backup -p apkscan_website