Our setup utilises a secure bastion host protected by Google Authenticator's time-based one-time password authentication for added security.
If your DB is protected by a Jump Server. Then we can't directly connect the db with DBeaver , it does not have built-in support for Google Authenticator.
So we're going to create local ssh tunnel then connect the DBeaver to our tunnel.
There are many ways to create a ssh tunnel, Such as by using
terminal. Right now we're going to use
terminal (Linux / Mac). If you're using windows you can use any
PuTTY to create a tunnel.
I have a
key to connect to host, In a single command we can create a local ssh tunnel.
ssh -L <local_port>:<remotemariadbhost>:<remote_port> <bastion_user>@<bastion_host> -i <path_to_ssh_key>
Breaking down of the command
ssh - the command to initiate an SSH connection
-L - local port forwarding option, which sets up a secure tunnel between the local machine and the remote MariaDB host through the bastion host
local_port - the local port number to use for the secure tunnel
remotemariadbhost - the hostname or IP address of the remote MariaDB host to connect to via the secure tunnel
remote_port - the port number of the remote MariaDB host to connect to via the secure tunnel
bastion_user - the username to use when connecting to the bastion host
bastion_host - the hostname or IP address of the bastion host that is accessible from the local machine
-i - the option to specify the path to the SSH private key to use for authentication
path_to_ssh_key - the path to the SSH private key file to use for authentication
To forward the db connection to our localhost:3310
ssh -L 3310:db.sample.com:3306 email@example.com -i key
Upon successful key authentication, the connection to your database is made available locally, allowing for seamless and secure access.
You can Test your connection using DBeaver, make sure the
password is correct.
So whenever you're starting you just have to do this one port forwarding command and DBeaver is good to go.
If you are here it means you may have found this blog helpful. Just follow me @shrihari which will motivate to write more.
You can make a Buttermilk 🥛. Small support comes a long way!
Subscribe If you want to receive these blogs in your mail from @Medium for free!
Top comments (2)
I need more detailed steps to perform same in windows
If you have gitbash and key file . Then same steps as above. Else I will add a putty version of that.