DEV Community

Shrihari Mohan
Shrihari Mohan

Posted on • Updated on

DBeaver + SSH + Bastion Host + Google Authenticator : 🤝How to connect

Our setup utilises a secure bastion host protected by Google Authenticator's time-based one-time password authentication for added security.

If your DB is protected by a Jump Server. Then we can't directly connect the db with DBeaver , it does not have built-in support for Google Authenticator.

So we're going to create local ssh tunnel then connect the DBeaver to our tunnel.

There are many ways to create a ssh tunnel, Such as by using PuTTY or openSSH or terminal. Right now we're going to use terminal (Linux / Mac). If you're using windows you can use any bash/WSL or PuTTY to create a tunnel.

I have a key to connect to host, In a single command we can create a local ssh tunnel.

ssh -L <local_port>:<remotemariadbhost>:<remote_port> <bastion_user>@<bastion_host> -i <path_to_ssh_key>
Enter fullscreen mode Exit fullscreen mode

Breaking down of the command

ssh - the command to initiate an SSH connection

-L - local port forwarding option, which sets up a secure tunnel between the local machine and the remote MariaDB host through the bastion host

local_port - the local port number to use for the secure tunnel

remotemariadbhost - the hostname or IP address of the remote MariaDB host to connect to via the secure tunnel

remote_port - the port number of the remote MariaDB host to connect to via the secure tunnel

bastion_user - the username to use when connecting to the bastion host

bastion_host - the hostname or IP address of the bastion host that is accessible from the local machine

-i - the option to specify the path to the SSH private key to use for authentication

path_to_ssh_key - the path to the SSH private key file to use for authentication

To forward the db connection to our localhost:3310

ssh -L shrihari@ -i key
Enter fullscreen mode Exit fullscreen mode


Upon successful key authentication, the connection to your database is made available locally, allowing for seamless and secure access.

You can Test your connection using DBeaver, make sure the port, username and password is correct.

DBeaver Connection

So whenever you're starting you just have to do this one port forwarding command and DBeaver is good to go.

Peace 🕊

If you are here it means you may have found this blog helpful. Just follow me @shrihari which will motivate to write more.

You can make a Buttermilk 🥛. Small support comes a long way!

Subscribe If you want to receive these blogs in your mail from @Medium for free!

Try Our new product for free!

DocsAI - Create AI support agents with your documents in the most affordable price, starts at 0$. Don't need a bot , but need ai help on your docs just upload and start chating !

Using for a company ? Check out our pricing Just contact me for personalized pricing !


More Free Articles from me

Top comments (2)

saisanthosh profile image

I need more detailed steps to perform same in windows

shrihari profile image
Shrihari Mohan

If you have gitbash and key file . Then same steps as above. Else I will add a putty version of that.