SupportSupport

Home » DbVisualizer Forums » DbVisualizer » DbVisualizer - Support

Thread: ssh tunneling for dummies :)

This question is not answered. Helpful answers available: 2. Correct answers available: 1.

Reply to this Thread Reply to this Thread Search Forum Search Forum Back to Thread List Back to Thread List

Permlink Replies: 8 - Pages: 1 - Last Post: Jul 29, 2010 8:26 PM Last Post By: Steve Jakob
Terrence Brannon

Posts: 30
Registered: 01/02/08
ssh tunneling for dummies :)
Posted: Jun 30, 2010 4:53 PM
ssh , tunneling , connection , oracle
 
  thread.click_reply Reply
Hello,

here is what I have to do to connect to the Oracle database.

From my cygwin termiinal, I type
ssh root at machine1 dot net
once I'm on machine1.net, then I type
ssh machine2.net
then when on machine2.net, I simply use the dsn, user and password from a config file of connections to connect via the Perl DBI:

my $database_handle = DBI->connect($dsn, $user, $password);

so I have read the thread on ssh tunneling:
http://www.dbvis.com/forum/thread.jspa;jsessionid=CBFD042AF4842398B4B13F148C2532D1?messageID=11258

but I need more help to get this working.

I am willing to install windows tools such as putty if that makes this easier.

Thank you!

What do I need to do step by step in order to get something connected so that db visualizer can connect to that?

Terrence Brannon

Posts: 30
Registered: 01/02/08
Re: ssh tunneling for dummies :)
Posted: Jun 30, 2010 8:43 PM   global.in_response_to.tooltip in response to: Terrence Brannon 		 
  thread.click_reply Reply
A bit of an update. I have downloaded and installed stunnel - http://www.stunnel.org/download/binaries.html

we have an stunnel config file that looks like below.

The question still remains. What exactly do we do with stunnel and db visualizer in terms of setup.

client=yes
verify=3
CAfile=stunnel.pem
cert=stunnel.pem

[oradev01.robin.oreo.net:oracle]
accept = 30003
connect = oradev01.robin.oreo.net:11521

[ora10gt.robin.oreo.net:oracle]
accept = 30004
connect = oradev01.robin.oreo.net:11521

[oraqa01.robin.oreo.net:oracle]
accept = 30011
connect = oraqa01.robin.oreo.net:11521

[oranim01.vwh.net:oracle]
accept = 30015
connect = oranim01.hsd.net:11521

Edited by: Terrence Brannon on Jun 30, 2010 9:00 PM

Roger Bjarevall


Posts: 4,587
Registered: 12/17/04
Re: ssh tunneling for dummies :)
Posted: Jun 30, 2010 8:52 PM   global.in_response_to.tooltip in response to: Terrence Brannon 		 
  thread.click_reply Reply
Terrence,

I only have experience with OpenSSH.

This is the command I use to setup the tunnel:

ssh -L '1522:localhost:1521' remotehost.com 'ping -i 60 localhost'

1) 1522 is the local port that I will use to access the Oracle server
2) localhost is my localhost
3) 1521 is the remote port that I want the tunnel to access
4) remotehost.com is the host where the Oracle server is running
5) The last ping -i 60 localhost is needed since otherwise will my tunnel timeout after 30 minutes. The ping is a hearbeat every 60 seconds preventing the tunnel to close

Now in DbVIsualizer I connect using:

jdbc:oracle:thin:@localhost:1522:ORCL

This is for OpenSSH. Since the SSH tunneling setup is something that is defined outside DbVIsualizer I cannot really comment how it works with other products. Please check the accompanying documentation for the SSH software how to define the tunnel. I've heard that Putty should be easy to get going in case you haven't checked it.

Best Regards

Roger
Terrence Brannon

Posts: 30
Registered: 01/02/08
Re: ssh tunneling for dummies :)
Posted: Jun 30, 2010 9:29 PM   global.in_response_to.tooltip in response to: Roger Bjarevall 		 
  thread.click_reply Reply
Roger Bjarevall wrote:
Terrence,

I only have experience with OpenSSH.

This is the command I use to setup the tunnel:

ssh -L '1522:localhost:1521' remotehost.com 'ping -i 60 localhost'


I did that using Cygwin (which uses OpenSSH) and I got:
[t.brannan@bcrtfl1-d30h7f1: ~] ssh -L '1522:localhost:30012' ora01.hhh.net 'ping -i 60 localhost'
ssh: connect to host ora.hhh.net port 22: Connection timed out

it seems to be ignoring the :30012 part of the -L command

I've heard that Putty should be easy to get going in case you haven't checked it.

stunnel seems to be straightforward (almost)... you simply setup an entry saying what port you will accept on the localhost and what host and port you want to ssh to.

Per the screencast:
http://www.screencast.com/users/terrence_work/folders/Jing/media/392fe155-0b2e-4319-be3d-bf25d3d511bb

you can see that it creates an ssh session when it tries to connect. However, the attempt to connect via ssh tunneling dies with the error:

An error occurred while establishing the connection:
Type: java.sql.SQLRecoverableException Error Code: 17002 SQL State: 08006
Message:
IO Error: Connection reset

Edited by: Terrence Brannon on Jun 30, 2010 9:29 PM
Roger Bjarevall


Posts: 4,587
Registered: 12/17/04
Re: ssh tunneling for dummies :)
Posted: Jun 30, 2010 9:46 PM   global.in_response_to.tooltip in response to: Terrence Brannon 		 
  thread.click_reply Reply
Terrence,

Terrence Brannon wrote:
Roger Bjarevall wrote:
Terrence,

I only have experience with OpenSSH.

This is the command I use to setup the tunnel:

ssh -L '1522:localhost:1521' remotehost.com 'ping -i 60 localhost'

I did that using Cygwin (which uses OpenSSH) and I got:
[t.brannan@bcrtfl1-d30h7f1: ~] ssh -L '1522:localhost:30012' ora01.hhh.net 'ping -i 60 localhost'
ssh: connect to host ora.hhh.net port 22: Connection timed out

You need to figure out why the tunnel cannot be established.

This is what I get when it is running:

~> ssh -L '1522:localhost:1521' remotehost.com 'ping -i 60 localhost'
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.029 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.021 ms
...

it seems to be ignoring the :30012 part of the -L command

I've heard that Putty should be easy to get going in case you haven't checked it.
stunnel seems to be straightforward (almost)... you simply setup an entry saying what port you will accept on the localhost and what host and port you want to ssh to.

Per the screencast:
http://www.screencast.com/users/terrence_work/folders/Jing/media/392fe155-0b2e-4319-be3d-bf25d3d511bb

you can see that it creates an ssh session when it tries to connect. However, the attempt to connect via ssh tunneling dies with the error:

An error occurred while establishing the connection:
Type: java.sql.SQLRecoverableException Error Code: 17002 SQL State: 08006
Message:
IO Error: Connection reset


This is most likely related to the error with the tunnel not running properly.

Regards

Roger

Terrence Brannon

Posts: 30
Registered: 01/02/08
Re: ssh tunneling for dummies :)
Posted: Jun 30, 2010 10:02 PM   global.in_response_to.tooltip in response to: Roger Bjarevall 		 
  thread.click_reply Reply
more updates: I cannot even ping the machine I am trying to ssh to, so until something that simple works, I cant expect a tunnel to be formed.

More updates later.
Terrence Brannon

Posts: 30
Registered: 01/02/08
Re: ssh tunneling for dummies :)
Posted: Jun 30, 2010 10:49 PM   global.in_response_to.tooltip in response to: Roger Bjarevall 		 
  thread.click_reply Reply
Roger Bjarevall wrote:
Terrence,

Terrence Brannon wrote:
Roger Bjarevall wrote:
Terrence,

I only have experience with OpenSSH.

This is the command I use to setup the tunnel:

ssh -L '1522:localhost:1521' remotehost.com 'ping -i 60 localhost'

I did that using Cygwin (which uses OpenSSH) and I got:
[t.brannan@bcrtfl1-d30h7f1: ~] ssh -L '1522:localhost:30012' ora01.hhh.net 'ping -i 60 localhost'
ssh: connect to host ora.hhh.net port 22: Connection timed out
You need to figure out why the tunnel cannot be established.

One question: arent ssh authentication credentials or a public key required on the machine I'm trying to form a tunnel to?


This is most likely related to the error with the tunnel not running properly.


Right, if I cant ping the server, how can I expect ssh to work?
Roger Bjarevall


Posts: 4,587
Registered: 12/17/04
Re: ssh tunneling for dummies :)
Posted: Jul 1, 2010 8:55 AM   global.in_response_to.tooltip in response to: Terrence Brannon 		 
  thread.click_reply Reply
Terrence,

Terrence Brannon wrote:
Roger Bjarevall wrote:
Terrence,

Terrence Brannon wrote:
Roger Bjarevall wrote:
Terrence,

I only have experience with OpenSSH.

This is the command I use to setup the tunnel:

ssh -L '1522:localhost:1521' remotehost.com 'ping -i 60 localhost'

I did that using Cygwin (which uses OpenSSH) and I got:
[t.brannan@bcrtfl1-d30h7f1: ~] ssh -L '1522:localhost:30012' ora01.hhh.net 'ping -i 60 localhost'
ssh: connect to host ora.hhh.net port 22: Connection timed out
You need to figure out why the tunnel cannot be established.
One question: arent ssh authentication credentials or a public key required on the machine I'm trying to form a tunnel to?

You should be prompted every time establishing the tunnel if credentials are not on the server.

This is most likely related to the error with the tunnel not running properly.
Right, if I cant ping the server, how can I expect ssh to work?

Exactly.

Regards

Roger
Steve Jakob

Posts: 59
Registered: 10/01/06
Re: ssh tunneling for dummies :)
Posted: Jul 29, 2010 8:26 PM   global.in_response_to.tooltip in response to: Terrence Brannon 		 
  thread.click_reply Reply
Terrence Brannon wrote:

Right, if I cant ping the server, how can I expect ssh to work?


Not necessarily. Sometimes network administrators will block ICMP (ping) packets, while allowing SSH. If you want to check whether you can access a remote host via SSH you can test with telnet:

telnet remotehost 22

... where remotehost is the IP name or address of the remote server and 22 is the port used for SSH.
Pages: 1
Back to Thread List Back to Thread List

Point your RSS reader here for a feed of the latest messages in all forums