Connect to database through two ssh tunnels in IntelliJ IDEA - database

I'm trying to add a postgresql database as a datasource in IntelliJ IDEA Ultimate.
I've worked with a datasource through ONE ssh tunnel already. But now the database server is behind a firewall which only accepts ssh connections from a management server. The only way to access the db server goes over the management server.
So I (or IntelliJ) have to connect via ssh to this server and then, by using another user, tunnel via ssh to the database server.
Everything clear? :-D
The problem is, that IntelliJ offers only to configure one ssh tunnel. But after the first tunnel I need to use a second one, to finally connect to the database server...
Any Ideas?
Thx in advance.

I'd create a local port forward using OpenSSH or any similar tool which will forward 127.0.0.1:2222 to firewall:22 via the Management Server, then use IntelliJ IDEA tunnel configuration to 127.0.0.1:2222 like you would do with the single tunnel.
ssh -L 127.0.0.1:2222:firewall:22 <management server>
You can configure an External Tool to automate this process. On Windows machine I had great experience with Bitvise SSH Client for creating tunnels/port forwards and starting them automatically.

ssh supports your scenario out of the box. The trick is to create two entries in your ~/.ssh/config file for the management server, one for your-user and one for special-user. Then use ProxyJump to chain your connections together.
So, start by setting up a Host section for the management server and the user your are connecting to from your local machine:
Host mgmt
HostName management.server.com
User your-user
...
Then, set up a Host for the user on the management server that you will be logging in as:
Host mgmt-special-user
HostName management.server.com
User special-user
To this same host, add a directive to tell ssh to create a tunnel to your DB:
LocalForward <free-port-on-your-box> <db-ip-or-host>:<db-port>
Then tell ssh that this host can be reached from the first host:
ProxyJump mgmt
You can now ssh mgmt-special-user from your local machine. ssh will automatically jump through the mgmt host, and will also automatically extend the tunnel through mgmt and back to your local machine.
ProxyJump (-J) was added in OpenSSH 7.3 (released in 2016).

Related

Connect to MS SQL Server 2014 from a computer on a different network

I have created an Application in VB.NET with database in MSSQL 2014.
I have configured TCP/IP=1433, UDP=1434, Windows Firewall is configured to allow 1433, 1434, sqlserver.exe, sqlbrowser.exe and server's login settings are configured. Application is working on my laptop which is on the same Internet connection as the host computer. I am trying to use the Application on client computer which is on another network and getting NAMED PIPES PROVIDER error40.
This is connection I am using:
Data Source=myServerName;InitialCatalog=dbName;UserId=clientcomputerName;Password=x
Do I need to configure client's computer in any way?
Does your DNS/HOSTS file resolve the remote computer name? Try IP address instead if not. Not sure but not all versions of SQL support remote connections via Named Pipes (can sometimes get round this by using registry hacks to add the connection as ODBC)

Forward SQL Server ODBC over SSH via putty

I would like to access a Azure SQL database. It is accessible on port 1433. However, the firewall is blocking this request. Therefore, I wold like to tunnel my connection.
Setup
The client is running on Windows 10. I can connect to a remote linux server. This server runs at home and when I'm at home, I am able to access the SQL database. So I assume my linux server is also able to connect to the Azure database.
Tunnel request?
I want to access the database via an ODBC connection. So, I tried to tunnel the connection using putty:
Putty connects to linux server and tunnels localhost:2433 to server-url:1433
Client connects to localhost:2433
Client has access to database
However, this is not working.
What goes wrong?
I am able to connect using putty to linux server.
I have setup a tunnel inside putty at the Connection > SSH > Tunnels page:
Source port: 2433
Destination: server-url:1433
I have set the radio buttons to Local and auto.
What goes wrong here? I don't know how I can investigate this properly. Maybe there is a problem at my linux server, that it can't connect to Azure SQL. But I think my tunnel is not working correctly. Can you help?
I didn't get it to work with putty, but if you have access to a shell you can use
ssh -L <local_port>:localhost:<remote_port> user#server -i "path to your private key file if you need one for authentification"
So in your specific example it would be
ssh -L 2433:localhost:1433 user#server-url
I used this to create an ODBC connection from RStudio (you can use the built in terminal to establish the tunneling) to a postgres db running in a docker container on azure.

Can I connect to a SQL Server that is external to my network?

I'm not sure if this is possible.
My office Pc sits on the corporate network and to access anything outside this network I have to provide my username and password to get though the proxy.
We have recently purchased a hosted server external to this network so that we can host demo applications that can be access from anywhere. However when we need to connect to the server to update or work on the database we need to use a PC that is not on our network as there is no way to provide my username and password as either part of a connection string or in the management console.
The external server is running SQL Server 2008.
Any advise would be much appreciated as I'm not sure if this is even possible.
Thanks!
You can create an http tunnel between the server and the computer from which you want to access the SQL server.
Use HTTPtunnel GNU package for the organization HTTP tunnel.
Here an example of a HTTP tunnel to connect to the MySQL server.
To connect to SQL server you must specify the appropriate port.
try to use TeamViewer.
1. Installed on the server TeamViewer ... during the installation process specify a fixed password for remote access. remember or write ID (9 digits)
2. on your work computer install teamviewer.
connect to remote server ID and password.

To Remotely connect a SQL Database through Internet

I want to connect to a remote computer though internet to connect a SQL Server database. I tried using Teamviewer successfully. Is there any other free tool which can be used in lieu of Teamviewer ?
There are are a few options.
1) Setup up VNC (there are a lot of free VNC implementations). If you set it up, I would recommend setting it up using SSH or some form of encryption so you are secure.
2) Set up a remote vpn connection. If the remote router supports something like DDWRT you can install that and set up you can vpn in to the remote network and access the machine as if you were there locally.
3) Set up port forwarding on the remote router so that when you connect to a specific port (default for SQL server is 1433) it forwards your request to the remote machine and then you just connect to the external IP of the remote router.
4) Set up port forwarding for Windows remote desktop. Basically the same as #3 except a different port and you'd use RDP to connect to the machine first instead of SQL server.
You can use MySQL Workbench tool for this purpose .. it's really simple ...
Just configure a new connection with the tool and you get to access the database remotely...
Just connect directly using SQL Server authentication
Update: or use trusted connection through VPN (IPSec).
If this question involves connection to SQL Server through internet. If not, then it is not development question and does not belong to SO.

connect sql server 2005/2008 over internet

How do I connect to SQL Server 2005/2008 using Management Studio or other desktop application over the internet?
Check out WCF Data Services:
http://msdn.microsoft.com/en-us/data/bb931106.aspx
That way, you don't have to totally expose your database server out to the internet, but you get fine grained control over what gets exposed and who (which type of user) can see or modify what.
Marc
I finally solved this by:
Changing default SQL Port to 8080 from 1433 (our ISP was blocking)
Turning off Windows Firewall on the server. I know this is not a long term solution, but at least I was able to pinpoint the problem. I had set two inbound firewall rules to allow port 8080 and SSMS program, on the server. I created an outbound firewall rule on the client for SSMS (but don't think this mad a difference).
I had to change all apps to use the new port instead of the default port. I had to configure our router to handle the new port 8080 and forward to the database server.
I will modify the Windows Firewall settings to see what was blocking SSMS.
DB Server: Windows 7 Pro 64bit 24 GB RAM
If you put 'your' SQL server (any brand, I'm not bashing) on the internet ... it won't be yours for long, unless you add some rather effective security measures ...
I suggest you look into VPN.
To be able to access your database over the internet, you will need to make sure that the server that hosts the database is accessible over the internet and the port that the database instance uses is open on that machine. You will also need to allow remote connections using the SQL Server Configuration Tool.
For Management Studio access I would recommend rather than opening the server to the outside to use a VPN solution that allows you to create a secure connection to the server and from there you can use the server name or IP to connect as if your machine is part of that network.
For the desktop application I would recommend looking into having the data be consumed through a web service or WCF rather than needing to have a direct connection to the database over the internet.
Hope this helps.
Firstly, if we put security consideration on the side, you have to configure SQL server (sql surface area configuration) to accept traffic, then you have to open proper ports on you server and allow inbound traffic thru to your router to the SQL server.
When you open sql server management studio in connect to server window and at the server name type the IP of your server and enter your username and password.
correct format : IP\InstanceName
you should have a user on target database.

Resources