How can I connect to Oracle Database 11g server through ssh tunnel chain (double tunnel, server in company network)?

执念已碎 2020-12-12 21:26

I have SSH access to 'public' server, which is also the gateway to company network. There is another server in the network, where local Oracle Database se

4 answers
  • 2020-12-12 21:35

    Yes, it's possible. E.g. on Linux, run

    ssh -N -Llocalport:dbserver:dbport yourname@connectionserver
    

    where

    • localport is the port on your machine which will be forwarded (can be 1521 if there is no local instance of Oracle running)
    • dbserver is the name or IP of the database server
    • dbport is the port of the database (usually 1521)
    • yourname is the login on the connectionserver
    • connectionserver is the machine where you have ssh access

    The same can be done on Windows using Plink (which comes with PuTTY):

    plink -N -L localport:dbserver:dbport yourname@connectionserver
    

    Do this on both machines (your local machine and the server you have access to) to chain the ssh tunnels. Example:

    Connection server (assuming Linux):

    ssh -N -L1521:dbserver:1521 dblogin@dbserver
    

    Your PC:

    plink -N -L 1521:connectionserver:1521 connlogin@connectionserver
    

    The tnsnames.ora entry must look like you are running a local database, e.g.

    prodoverssh =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
        )
        (CONNECT_DATA =
          (SERVICE_NAME = prod)
        )
      )
    
  • 2020-12-12 21:50

    I had the same issue as @j_maly here in the comments. It is possible to connect using just one tunnel to the "GATEWAY" by doing this on "MY REMOTE PC" (Linux):

    ssh -L 1521:DATABASE_URL_OR_IP:1521 USER@GATEWAY
    

    But after getting ORA-12170: TNS:Connect timeout occurred over and over again, I did this:

    • On GATEWAY, connect to Oracle with something that works; in my case, sqldeveloper (sqlplus should work too). Let's say the working Oracle URL in sqldeveloper is database.company.ex

    • On GATEWAY, run netstat -putan | grep 1521, and here is the issue:
      I found that the connection has a different database IP and domain than the previously known and supposedly connected one (database.company.ex).

    • So you should put the IP or URL shown in the result of netstat -putan | grep 1521 on "GATEWAY":

      ssh -L 1521:DATABASE_URL_OR_IP_SHOWED_IN_NETSTAT:1521 USER@GATEWAY

    I don't know exactly why this happens, but I found several IPs to connect to the same database, and I can't connect from some of them. To solve the problem we must find the correct IP.

    It's important to mention that you could also change the local port (11000 in this case) and run this command with no output (-fN):

    ssh -fN -L 11000:DATABASE:1521 USER@GATEWAY
    
  • 2020-12-12 21:56

    Thanks!

    I called ssh -N -LXXXX:server:YYYY login@server twice.

    First, I called

    ssh -L 9998:127.0.0.1:9997 login@gate.company.cz
    

    on my PC.

    Then, on this server (during the SSH session), I called

    ssh -L 9997:localhost:1521 root@192.168.105.111
    

    where 192.168.105.111 is the server where ORACLE was running.

    So what I did is the following redirection:

    1521 (COMPANY ORACLE SERVER) 
      -> 9997 (COMPANY GATEWAY SERVER)
         -> 9998 (LOCAL PC)
    

    So I got ORACLE access on my local PC at port 9998!

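The chain from the answer above as a single command, as an added example that is not part of the original answer: `-J` (ProxyJump) makes the client hop through the gateway itself, so no second ssh session, listener on 9997 or database-host credential is needed on the gateway. `tunnel_cmd` and `exposed_listeners` are hypothetical helpers, the `ss -ltn` sample is constructed, and an OpenSSH client that supports `-J` is assumed.

```shell
#!/bin/sh
# Added example, not from the original answers. Assumes an OpenSSH client
# with ProxyJump (-J) and `ss` from iproute2 on the local Linux PC.

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd LOCAL_PORT DB_PORT DB_LOGIN GATEWAY_LOGIN
# Prints one ssh command that replaces the two chained sessions: ssh reaches
# DB_LOGIN through GATEWAY_LOGIN, and the listener is pinned to 127.0.0.1.
tunnel_cmd() {
    if ! valid_port "$1" || ! valid_port "$2"; then
        echo "tunnel_cmd: port must be 1..65535" >&2
        return 1
    fi
    printf 'ssh -N -o ExitOnForwardFailure=yes -J %s -L 127.0.0.1:%s:localhost:%s %s\n' \
        "$4" "$1" "$2" "$3"
}

# exposed_listeners PORT: reads `ss -ltn` output on stdin and prints every
# listener on PORT that is NOT bound to loopback (reachable by other hosts).
exposed_listeners() {
    awk -v p="$1" '
        $1 == "LISTEN" && $4 ~ (":" p "$") && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# Constructed sample of `ss -ltn` output: one safe and one exposed forward.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9998     0.0.0.0:*
LISTEN 0      128    0.0.0.0:9997       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Ports, logins and addresses below are the ones used in the answer above.
tunnel_cmd 9998 1521 root@192.168.105.111 login@gate.company.cz
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 9997
```

With the tunnel up, `ss -ltn | exposed_listeners 9998` on the local PC should print nothing; any address it prints means the forwarded Oracle port is reachable from other hosts.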
  • 2020-12-12 21:59

    You can also add the -f option, which runs the ssh command in the background.
