Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I connect to Oracle Database 11g server through ssh tunnel chain (double tunnel, server in company network)?

I have SSH access to 'public' server, which is also the gateway to company network. There is another server in the network, where local Oracle Database server is running (There is no access from outside of this server, only localhost DB connections are accepted). And of course, I have another SSH access to this server.

Is there any way to join to this Oracle Database 11g Server from outside of the network ? I am asking if there is something like ssh tunnel chain, and how i configure it. This can be usefull, for example, for TOAD for Oracle (ORACLE client).

EDIT: Here is image

alt text Thanks

like image 428
Michal Drozd Avatar asked Sep 06 '10 19:09

Michal Drozd


People also ask

Which kind of tunnels can be used with SSH?

Transporting arbitrary data streams over SSH sessions is also known as SSH tunneling. OpenSSH, a popular open-source SSH server, supports three types of tunneling features- local port forwarding, remote port forwarding, and dynamic port forwarding.

Can you have multiple SSH tunnels?

Create multiple tunnels using a single ssh connection: multiple tunnels can be established using a single connection to a ssh server by specifying different --destination flags. Aliases: save your tunnel settings under an alias, so it can be reused later.


2 Answers

Yes, it's possible. E.g. on Linux, run

ssh -N -Llocalport:dbserver:dbport yourname@connectionserver 

where

  • localport is the port on your machine which will be forwarded (can be 1521 if there is no local instance of oracle running)
  • dbserver is the name or IP of the database server
  • dbport is the port of the database (usually 1521)
  • yourname is the login on the connectionserver
  • connectionserver is the machine where you have ssh access

The same can be done on Windows using Plink (which comes with Putty):

plink -N -L localport:dbserver:dbport yourname@connectionserver 

Do this on both machines (your local machine and the server you have access to) to chain the ssh tunnels. Example:

Connection server (assuming Linux):

ssh -N -L1521:dbserver:1521 dblogin@dbserver 

Your PC:

plink -N -L 1521:connectionserver:1521 connlogin@connectionserver 

The tnsnames.ora entry must look like you are running a local database, e.g.

prodoverssh =   (DESCRIPTION =     (ADDRESS_LIST =       (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))     )     (CONNECT_DATA =       (SERVICE_NAME = prod)     )   ) 
like image 134
Erich Kitzmueller Avatar answered Sep 20 '22 04:09

Erich Kitzmueller


Thanks!

I called ssh -N -LXXXX:server:YYYY login@server twice.

First, I called

ssh -L 9998:127.0.0.1:9997 [email protected] 

on my PC.

Then, on this server (during the SSH session), I called

ssh -L 9997:localhost:1521 [email protected] 

where 192.168.105.111 is server where ORACLE was running.

So what I did is following redirection:

1521 (COMPANY ORACLE SERVER)    -> 9997 (COMPANY GATEWAY SERVER)      -> 9998 (LOCAL PC) 

So I got ORACLE access in my local PC at port 9998 !

like image 22
Michal Drozd Avatar answered Sep 21 '22 04:09

Michal Drozd