I realize this is a pretty stale thread but since there isn't much by way of documentation out there on this topic and I came across this same question, I wanted to share a bit more detail on the solution I found.
I eventually got it working by matching the "remote address" in the SSH command to the bind-address value in the my.cnf file on the remote server. For most people, the bind-address value is 127.0.0.1, but I have my MySQL server bound to a local network address (192.168.0.x). The correct command for me, therefore, was:
It seems that the "remote address" in the SSH command is the value used by MySQL to associate the tunneled user with an IP address. Depending on your configuration, MySQL likely either refuses connections from remote IPs or only allows the user you are logging in as to log in from locahost. Since we can't self-identify as "localhost" (we have to force TCP activity) we need to use an IP address, and that IP address needs to be whatever MySQL identifies as its own. This is the value of bind-address. In many cases, this is going to be 127.0.0.1 (that's why you see this proposed solution everywhere), but that's not always the case. Check your bind-address value!