In my development shop, we deploy code on virtual servers that sit on a remote network.
We access the machines on that network by first opening an SSH connection to a gateway server, and then SSH-tunneling RDP over a local port.
I would very much like to be able to locally access SQL Server instances running on these servers in the same way.
I've set up a local port (3398) to redirect to the SQL Server port on the remote instance (L3398 -> remote.machine.com:1433).
I can then actually test the connection by telnetting to localhost 3398, and I get a connection: the screen clears and I can type characters to some listening process.
But when I try to connect SSMS to localhost:3398, it times out and then claims that there is no SQL Server listening on that port:
Cannot connect to localhost:3398
Additional information:
A network-related or instance-specific error occurred while establishing a connection
to SQL Server. The server was not found or was not accessible. Verify that the
instance name is correct and that SQL Server is configured to allow remote
connections. (...)
I am sure that the server accepts remote connections, because I have connected to it remotely while logged in via RDP to a different machine within the remote network.
I have Googled around to know that this is possible; does anyone have some idea why this isn't working, or what I might do to diagnose and hopefully fix the problem?
Thanks!
All you need is a server in the office which accepts SSH connections and can connect to the SQL Server. This will serve as a gateway or makeshift proxy server. With the proper port forwarding setup, you can connect to your database from anywhere.
Instead of connecting to localhost:3398, use 127.0.0.1,3398
For Authentication type Azure Active Directory - Universal with MFA (Multi-Factor Authentication), in addition to specifying the port correctly (127.0.0.1,3398), I also had to point the host to localhost.
On Windows, I had to edit my hosts file to include the server host:
127.0.0.1 server.example.com
Then, in SSMS, I could connect to server.example.com,3398, which would perform the MFA correctly.
I could have performed this redirection at a higher DNS level as well.
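A check that goes one step past the telnet test in the question, as an added example that is not part of the original posts: it sends a minimal TDS PRELOGIN packet through the forwarded port and reports whether SQL Server answers. The default host and port mirror the 127.0.0.1,3398 forward from the thread; the function names are assumptions made for this example.

```python
import socket
import struct

PRELOGIN, RESPONSE = 0x12, 0x04                      # TDS packet types
VERSION, ENCRYPTION, TERMINATOR = 0x00, 0x01, 0xFF   # PRELOGIN option tokens

def build_prelogin() -> bytes:
    """Build a minimal TDS PRELOGIN packet (VERSION + ENCRYPTION options)."""
    version = bytes(6)        # client version 0.0.0 and sub-build 0
    encryption = b"\x00"      # ENCRYPT_OFF
    table_len = 2 * 5 + 1     # two 5-byte option entries + terminator
    table = struct.pack(">BHH", VERSION, table_len, len(version))
    table += struct.pack(">BHH", ENCRYPTION, table_len + len(version), len(encryption))
    payload = table + bytes([TERMINATOR]) + version + encryption
    # Header: type, status (0x01 = end of message), total length, SPID, packet id, window
    return struct.pack(">BBHHBB", PRELOGIN, 0x01, 8 + len(payload), 0, 1, 0) + payload

def parse_prelogin_response(packet: bytes):
    """Return the server version as 'major.minor.build', or None if not a TDS reply."""
    if len(packet) < 8 or packet[0] != RESPONSE:
        return None
    payload = packet[8:]      # option offsets are relative to the payload start
    pos = 0
    while pos + 5 <= len(payload) and payload[pos] != TERMINATOR:
        token, offset, length = struct.unpack_from(">BHH", payload, pos)
        if token == VERSION and length >= 4 and offset + 4 <= len(payload):
            major, minor, build = struct.unpack_from(">BBH", payload, offset)
            return f"{major}.{minor}.{build}"
        pos += 5
    return None

def probe(host: str = "127.0.0.1", port: int = 3398, timeout: float = 5.0):
    """Send PRELOGIN through the forwarded port and report what answers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_prelogin())
        return parse_prelogin_response(sock.recv(4096))

if __name__ == "__main__":
    version = probe()
    print(f"SQL Server {version} answered" if version else "Port open, but no TDS reply")
```

A version string means the tunnel reaches SQL Server and the remaining problem is on the client side, such as the server name syntax. None means something other than SQL Server is answering on the forwarded port.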