How to access a database via SSH tunnel?

Building a tunnel using SSH means that a port on your local computer is forwarded through an encrypted SSH connection to another computer, which routes the traffic on to a port on the destination server.


According to our security concept, it is not possible to access any database server directly from the public internet, as they are placed in a separate virtual network that is not accessible from the public internet, but only from within your AWS environment. To access your database from the outside, you need to go through the Jump-Server/Gateway/natgw. You can find its IP address in the project documentation separately for each environment (TEST or PROD). You get the database credentials with this helper script by running it directly on an instance in the application zone.

Preconditions

How to connect

ssh -L<localport>:<dest_server>:<dest_port> <username>@<Jump-Server>

 

<localport> is the port on your local machine on which the tunnel listens. On Linux, ports below 1024 can only be used as root; all others are freely usable. Therefore, the default MySQL port 3306 can be used.
<dest_server> is the server we ultimately want to connect to; here it is the MySQL instance that listens on its TCP port 3306. To connect to it, you need to know its name from the perspective of the Jump-Server. You can find that name in your environment's dashboard at https://my.root360.cloud in the RDS section under endpoint.

A common example is:

ssh -L 3306:mysql.eu-central-1.rds.amazonaws.com:3306 <ProjectUser>@<Jump-Server>

 

The connection is created and we are asked for the password for user [ProjectUser] on the gateway. If necessary, the command can also be combined with the parameter -A to use SSH agent forwarding.
The connection from the local computer to the Jump-Server is encrypted; the connection inside your environment from the Jump-Server to the database is not encrypted.
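
The command from this section, assembled by a small script that checks its arguments first (an added example, not part of the root360 documentation). The function names, the TUNNEL_UID override and the sample host names are assumptions; the options -N and ExitOnForwardFailure and the explicit 127.0.0.1 bind address are standard OpenSSH features added here.

```shell
#!/bin/sh
# Added example: build the "ssh -L" command with validated arguments.
# All function and variable names are hypothetical.

# is_port VALUE: succeeds if VALUE is an integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd LOCALPORT DEST_SERVER DEST_PORT USERNAME JUMP_SERVER
# Prints the command on stdout; it does not run ssh itself.
tunnel_cmd() {
    lport=$1 dest=$2 dport=$3 user=$4 jump=$5
    uid=${TUNNEL_UID:-$(id -u)}   # TUNNEL_UID override is an assumption, for testing

    if ! is_port "$lport" || ! is_port "$dport"; then
        echo "ports must be integers in 1..65535" >&2; return 2
    fi
    # On Linux, ports below 1024 can only be bound by root.
    if [ "$lport" -lt 1024 ] && [ "$uid" -ne 0 ]; then
        echo "local port $lport needs root; pick one >= 1024" >&2; return 3
    fi
    if [ -z "$dest" ] || [ -z "$user" ] || [ -z "$jump" ]; then
        echo "destination, username and Jump-Server are required" >&2; return 2
    fi
    # 127.0.0.1:            bind the local listener to loopback explicitly
    # -N                    forwarding only, no remote shell
    # ExitOnForwardFailure  exit if the local port cannot be bound, instead
    #                       of staying connected without a working tunnel
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s@%s\n' \
        "$lport" "$dest" "$dport" "$user" "$jump"
}

# Constructed sample values. Local port 13306 avoids a clash with a MySQL
# server that may already be listening on 3306 on the local machine.
tunnel_cmd 13306 db.example.internal 3306 projectuser jump.example.com
```

With a local port other than 3306, the database client connects to 127.0.0.1 and that port instead.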

Installation via PuTTY

The use of SSH tunnels is also possible with PuTTY. The necessary configuration can be found in the configuration profile of the Jump-Server under Connection > SSH > Tunnels.



"Source port" is the local port on your machine (in the example 3306) and "Destination" is the hostname and remote port of the destination server (in the example **********.eu-central-1.rds.amazonaws.com:3306). Confirm the configuration with the [Add] button. To enable this setting for each connection setup, the connection profile must be saved again.

Use the tunnel connection

After the connection has been established with the configured SSH tunnel, the destination server is accessible via 127.0.0.1 and the configured source port.

E.g. 127.0.0.1:3306 for a MySQL connection according to the screenshot.

 

