Skip to end of metadata
Go to start of metadata

Only in DbVisualizer Pro

This feature is only available in the DbVisualizer Pro edition.

A database that sits behind a firewall cannot be accessed directly from a client on the other side of the firewall, but it can often be accessed through an SSH tunnel. The firewall must be configured to accept SSH connections and you also need to have an account on the SSH host for this to work.

If you need to access a database that can only be accessed vi an SSH tunnel, you need to specify additional information in the Use SSH Tunnel area of the Connection tab. 

This area is only shown when the Server Info settings format is selected, and only for databases identified by at least a Database Server and a Database Port (i.e. not for embedded databases or when using the TNS Connections Type for an Oracle database, or similar).

Enable SSH tunneling by clicking on the checkbox. When it is enabled, five additional fields are shown.

The SSH Host is the name or IP address for the host accepting SSH connections. The SSH Host is typically the same as the Database Server. Enter the port for SSH connections in the SSH Port field. The default value is 22. 

You may also enter the userid and password for your SSH host account in the SSH Userid and SSH Password fields, but see Setting Common Authentication Options for other options. Alternatively, you can enter the path to a private key file (using either the RSA or DSA algorithms) in the Private Key File field. The SSH Password field is then replaced by a Key Passphrase field where you can enter the passphrase if the private key is protected with one.

When SSH tunneling is enabled, a tunnel is established when you connect to the database and the connection is then made through the tunnel by constructing a JDBC URL that uses information from both the Connection and Use SSH Tunnel sections. 

If you're familiar with using the ssh command to set up a tunnel manually, you may be interested in more details. The tunnel corresponds to the tunnel you would set up with the ssh command like this:

ssh -p <SSHPort> -L<LocalPort>:<DatabaseServer>:<DatabasePort> <SSHUserid>@<SSHHost>

where the placeholders correspond to the fields in the Connect and Use SSH Tunnel sections, except for <LocalPort> which is any available port, determined at connect time. 

Note that when using an SSH tunnel, the Database Server is evaluated on the SSH host. If the database server is running on the SSH host, you can therefore set Database Server to localhost in case the database only accepts local connections.

The JDBC URL is constructed using 127.0.0.1 as the Database Server portion and <LocalPort> as the Database Port portion, e.g. like this for the Oracle Thin driver when <LocalPort> is 50538:

jdbc:oracle:thin@127.0.0.1:50538/XE

In other words, the JDBC driver connects to the SSH tunnel's local port, which then forwards all communication to the database server.

The URL that is used for the connection is shown at the top of the Object View tab for the database connection when a connection is established, along with a certificate icon if the connection is made through an SSH tunnel.

If you use the SSH Tunnel feature, you may also want to configure a few things in Tools->Tool Properties. In the Database Connection/SSH Settings category under the General tab, you can specify an SSH Keep-Alive Interval to minimize the risk that the tunnel is disconnected due to inactivity, and an SSH Known Hosts File so you don't have to accept connections to known SSH hosts every time you connect.

  • No labels