SSH tunnels are used for many things, but basically a tunnel is point-to-point encryption (up to the SSH gateway) whose purpose is to keep the information that travels through the channel from being read. Even if someone uses a sniffer and captures the data packets, they will not be able to read the information that is sent or received.
As I said before, there are many reasons to use tunnels. In our case we will look at them from the point of view of databases, and mainly from the perspective of the database administrator, whose job often involves sensitive information.
Not long ago I published a post to demonstrate how easy it is to see and capture network packets when we send an “alter user xxx identified by values and and” statement. Using a tunnel, this information is encrypted from the time it leaves my laptop until it reaches the SSH gateway. On the laptop itself, and once the data passes the gateway on its way to the target machine where the listener is, it can still be captured and read. Normally this network segment is a local area network and is more or less secure.
We must define:
- SSH gateway or jump host: the entry point to the tunnel (or where we are going to bounce the signal).
- target machine: the host to which we want to connect.
- local port (called source port by PuTTY): the port we will use on our own computer (in my case a laptop); connections to it are forwarded to the port of the listener on the target machine.
Open PuTTY and set the SSH gateway as the host and 22 as the port (necessary to encrypt the channel).
Drill down in the left menu and click on Tunnels, then set the source port and the destination (target machine).
Click the Add button and then click Open.
Now, in SQL Developer, we need to open a new connection and set the username and password as usual, plus the new settings that use the tunnel:
Set hostname to localhost (or 127.0.0.1)
Set Port to 7000, the local port defined on our workstation
Set Service_name to the database
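The same tunnel expressed with the OpenSSH client, together with a check that the forwarded port is reachable only from the local machine. This is an added example, not part of the original post; the host names, the login name and listener port 1521 are placeholder assumptions.

```bash
#!/bin/sh
# Added example: OpenSSH equivalent of the PuTTY tunnel settings.
# Placeholders (not from the post): host names, login name, listener port.
LOCAL_PORT=7000                     # local (source) port used in the post
GATEWAY="dba@ssh-gateway.example"   # placeholder SSH gateway login
TARGET="db-target.example"          # placeholder target machine
LISTENER_PORT=1521                  # assumed listener port on the target

# Print the ssh command. Binding the forward to 127.0.0.1 keeps other
# hosts from connecting to it; -N opens the tunnel without a remote shell.
tunnel_cmd() {
  printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s -p 22 %s\n' \
    "$LOCAL_PORT" "$TARGET" "$LISTENER_PORT" "$GATEWAY"
}

# Read "netstat -an" or "ss -ltn" lines on stdin. Succeeds only if the
# port is listening and every listener for it is on a loopback address.
loopback_only() {
  awk -v p="$1" '
    /LISTEN/ {
      for (i = 1; i <= NF; i++)
        if ($i ~ (":" p "$")) {
          found = 1
          addr = $i
          sub(/:[0-9]+$/, "", addr)
          if (addr !~ /^127\./ && addr != "[::1]" && addr != "::1")
            exposed = 1
        }
    }
    END { exit ((found && !exposed) ? 0 : 1) }'
}

# Constructed sample listener tables (not captured from a real host).
SAMPLE_OK='  TCP    127.0.0.1:7000    0.0.0.0:0    LISTENING'
SAMPLE_EXPOSED='  TCP    0.0.0.0:7000      0.0.0.0:0    LISTENING'

tunnel_cmd
for sample in "$SAMPLE_OK" "$SAMPLE_EXPOSED"; do
  if printf '%s\n' "$sample" | loopback_only "$LOCAL_PORT"; then
    echo "port $LOCAL_PORT: loopback only"
  else
    echo "port $LOCAL_PORT: missing or reachable from other hosts"
  fi
done
```

On a real workstation, pipe the output of `netstat -an` into `loopback_only 7000` once the tunnel is open.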
HTH – Antonio NAVARRO