Monday, September 21, 2015

Dual node SSH tunnel with PuTTY

When connecting to a remote Linux server over SSH you have the option to create a tunnel from the remote server back to your local workstation. This can be very handy when you need to map a port on the remote server to a localhost port on your workstation. For example, if the only allowed connection to the server is SSH and the database is listening on port 1521 on the server, you will not be able to connect remotely to port 1521 directly. You can, however, create a tunnel within the SSH session over port 22 to your local machine, so you can connect to localhost:1521 and communicate (via the SSH tunnel) with the database.

The above use is quite straightforward. On a Linux workstation creating a tunnel is simple, and on Windows with PuTTY it is also easily done by creating a tunnel profile in PuTTY. It gets more interesting when you have the below shown configuration.

In this situation you have a Windows laptop which is only able to connect to the “jump server” via SSH. However, when you would like to use Oracle SQL Developer and connect to the database on the database server, you will not be able to connect directly on port 1521 or create a direct tunnel between your workstation and port 1521.

You will need to create a tunnel from your workstation to the “jump server” and from the “jump server” to the database server. This is in essence a double hop tunnel. To arrange this take the following steps:

  • On your Windows workstation, configure a PuTTY tunnel where the source port is 45678 and the destination is localhost:45678 (see screenshot below)
  • Connect with this configuration from your workstation to the “jump server”.
  • Execute the following command while on the “jump server” shell: ssh -L 45678:localhost:1521 root@database-server (the -L argument takes the form listen-port:target-host:target-port; here the target is port 1521 on the database server itself)
  • While on your workstation connect Oracle SQL Developer to localhost:45678

This should enable you to use Oracle SQL Developer locally by making use of a dual hop SSH tunnel to the database server via the “jump server”.
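For a workstation that has the OpenSSH client (7.3 or later) instead of PuTTY, the same double hop can be written as one client configuration. This is an added example, not part of the original post, and it goes beyond the PuTTY procedure above: the jump-server login name "youruser" is a placeholder, and the host names are the ones used in this post.

```sshconfig
# ~/.ssh/config on the workstation (OpenSSH client 7.3 or later).
# "youruser" is a placeholder account name, not taken from the post.

Host jump-server
    User youruser

Host database-server
    User root
    # Reach the database server through the jump server. The jump server
    # only relays this one SSH connection; unlike the two-step procedure,
    # no forwarded port 45678 is left listening on the jump server where
    # other local accounts could reach it.
    ProxyJump jump-server
    # Workstation 127.0.0.1:45678 -> port 1521 as seen from the database
    # server. Binding to 127.0.0.1 keeps the forward off the workstation's
    # network interfaces.
    LocalForward 127.0.0.1:45678 localhost:1521
    # Abort instead of opening a session if the forward cannot be set up
    # (for example when port 45678 is already in use locally).
    ExitOnForwardFailure yes
```

Running ssh -N database-server on the workstation opens the tunnel without starting a remote shell; Oracle SQL Developer then connects to localhost:45678 as in the last step above.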
