问题
In my development shop, we deploy code on virtual servers that sit on a remote network.
We access the machines on that network by first opening an SSH connection to a gateway server, and then SSH-tunneling RDP over a local port.
I would very much like to be able to locally access SQL Server instances running on these servers in the same way.
I've set up a local port (3398) to redirect to the SQL Server port on the remote instance (L3398 -> remote.machine.com:1433).
I can then actually test the connection by telnetting to localhost 3398, and I get a connection: the screen clears and I can type characters to some listening process.
But when I try to connect SSMS to localhost:3398, it times out and then claims that there is no SQL Server listening on that port:
Cannot connect to localhost:3398
Additional information:
A network-related or instance-specific error occurred while establishing a connection
to SQL Server. The server was not found or was not accessible. Verify that the
instance name is correct and that SQL Server is configured to allow remote
connections. (...)
I am sure that the server accepts remote connections, because I have connected to it remotely while logged in via RDP to a different machine within the remote network.
I have Googled around to know that this is possible; does anyone have some idea why this isn't working, or what I might do to diagnose and hopefully fix the problem?
Thanks!
回答1:
Instead of connecting to localhost:3398 Use 127.0.0.1,3398
回答2:
The issue is probably that SSMS is trying to access the SQL Server Browser Service, which is UDP port 1434. Take a look at http://technet.microsoft.com/en-us/library/cc646023.aspx for an overview of the additional ports you may need to forward to get this to work.
回答3:
I'm pretty sure I figured out the answer to this, actually.
On the remote network (which we don't control), for security purposes, it appears that the database servers are set up to ignore database requests coming from the gateway machine. So I guess there's just no good solution short of convincing them to give us full VPN access. Thanks everyone for your help.
回答4:
For Authentication type Azure Active Directory - Universal with MFA (Mutli-Factor Authentication), in addition to specifying the port correctly (127.0.0.1,3398), I also had to point the host to localhost.
On Windows, I had to edit my hosts file to include the server host:
127.0.0.1 server.example.com
Then, in SSMS, I could connect to server.example.com,3398, which would perform the MFA correctly.
I could have performed this redirection at a higher DNS level as well.
来源:https://stackoverflow.com/questions/6915472/accessing-sql-server-over-an-ssh-tunnel