Assuming you have installed MySQL Workbench on a workstation (and not directly on the SME server):
1. Enable networking on the SME Server
config setprop mariadb LocalNetworkingOnly no
signal-event e-smith-mysql-update
2. Verify that port 3306 is listening for connections:
# netstat -an |grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
3a [INSECURE - data and credentials visiible in plain text on your local network]
Point MySQL WorkBench at your SME server on port 3306
3b [SECURE using SSH]
i. Establish an SSH tunnel
From the workstation running MySQL Workbench, tunnel port 3306 to the SME server
#NOTE: Run a command similar to this ON THE WORKSTATION, not on the SME server
ssh root@[sme-server] -L 3306:localhost:3306
Notes:
* [sme-server]: can be an IP address. If it's a name, it must resolve correctly from your workstation
* 3306: the first 3306 is the port that will be opened on your workstation. If you're already running mysql or mariadb locally on the workstation you may need to use a different port here. Any unused port will do.
* :localhost:3306 tells ssh that at the remote end the tunnel should connect to port 3306 on "localhost" - in this case the SME server.
ii. Configure MySQL Workbench to talk to "localhost' (the workstation) using the first port number in the ssh command (3306 in this example)
NOTE:
* I tested this process connecting the wordpress database on my SME server. This reminded me that the only non-root user with access to that database is 'wp-user'@'localhost' -- I could not connect with this user until I created an ssh tunnel.
* If port 3306 is already in use on the workstation, you could (for example) use "-L 3307:localhost:3306", then tell MySQL Workbench to connect to "localhost:3307"
3c. [SECURE using TLS]
Sorry, I have no idea how to do this. I did not see any simple option for enabling TLS in the SME templates, so I suspect this will be somewhat tricky...