SQLDeveloper and SSH Tunnels

I saw @krisrice post this

I’ve been using SQLDeveloper for a long time now and have always setup my SSH Tunnels separately (using tools like Meerkat). So I thought I’d take a look at how easy it is to use SSH Tunnels natively with SQLDeveloper.

Turns out it’s incredible simple to configure, simply go to your database connection properties

2014-09-16_10-13-08

Notice here that my connection is to localhost (since I’ll be using an SSH tunnel to connect to the remote machine), you could alternatively use a bastion host.

Click on the Advanced button and then select the SSH tab

All you need to do is specify the hostname you want to connect to along with the username. You could specify a password when you connect, but I’m using a keyfile so that I can essentially have passwordless login.

That’s it! Now when I try to connect to the remote connection, the SSH Tunnel kicks in and I don’t need to worry about setting up an SSH Tunnel externally to SQLDeveloper. Another nice side-effect of this is if I export the connection, I can share it with someone else and don’t need to worry about telling them to setup an SSH Tunnel as that information is also embedded in the connection export file (although obviously they’d need either the password or the Key File).

Perhaps not a marquee new feature in SQLDeveloper but a very welcome one!

2 thoughts on “SQLDeveloper and SSH Tunnels

  1. AZ

    John,
    this does looks interesting, but i found your comments and Help section in SQLDeveleoper to be mutually exclusive. As the result i’m somewhat confused.

    Here is the excert from help of the latest sqldeveloper version:

    Connections with SSH Authentication
    SSH (Secure Shell) authentication enables you to specify that the SSH protocol should be used to authenticate users attempting to connect to the database. To enable SSH authentication, click Advanced Properties in the properties display for a connection, then click the SSH tab in that dialog box…”

    The way i read this is “..SSH protocol should be used to authenticate users attempting to connect to the database..” It says NOTHING about tunneling or how that is implemented in the software.

    Now, let’s get to your comment. You say that you have a bastion server and that SD will esteblish the tunnel to the DB server behind the bastion server. Sounds like configuration that i have here.

    And to get SD to work in the env:
    laptop -> bastion -> DB server
    i had to actually reverse the parameters you provided:
    connection window – all parameters stay as in “notmal” (non tunnel/proxy) situation
    in “proxy” window you specify the hostname of the bastion server.
    ports – in connection window ( as i mentioned) port ramians the original remote DB port; in proxy window – ssh port (usually 22) where ssh deamon is listeneing on bastion.

    Like

    Reply
  2. David Shaw

    Interesting post, I’m currently attempting this in my environment but it has an extra twist.

    DBServer:1521 -> ENVJumpbox -> My Client.

    I’m a little stumped as to how I can get this working. I’ve got tunnels working to the node and can telnet to the DB Port from my local box but I’m struggling to get SQL Dev to connect.

    I’ll update if I figure it out….

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s