DBeaver + SSH + Bastion Host + Google Authenticator : 🤝How to connect
Shrihari Mohan
Posted on March 5, 2023
Our setup utilises a secure bastion host protected by Google Authenticator's time-based one-time password authentication for added security.
If your DB is protected by a Jump Server. Then we can't directly connect the db with DBeaver , it does not have built-in support for Google Authenticator.
So we're going to create local ssh tunnel then connect the DBeaver to our tunnel.
There are many ways to create a ssh tunnel, Such as by using PuTTY
or openSSH
or terminal
. Right now we're going to use terminal
(Linux / Mac). If you're using windows you can use any bash/WSL
or PuTTY
to create a tunnel.
I have a key
to connect to host, In a single command we can create a local ssh tunnel.
ssh -L <local_port>:<remotemariadbhost>:<remote_port> <bastion_user>@<bastion_host> -i <path_to_ssh_key>
Breaking down of the command
ssh - the command to initiate an SSH connection
-L - local port forwarding option, which sets up a secure tunnel between the local machine and the remote MariaDB host through the bastion host
local_port - the local port number to use for the secure tunnel
remotemariadbhost - the hostname or IP address of the remote MariaDB host to connect to via the secure tunnel
remote_port - the port number of the remote MariaDB host to connect to via the secure tunnel
bastion_user - the username to use when connecting to the bastion host
bastion_host - the hostname or IP address of the bastion host that is accessible from the local machine
-i - the option to specify the path to the SSH private key to use for authentication
path_to_ssh_key - the path to the SSH private key file to use for authentication
To forward the db connection to our localhost:3310
ssh -L 3310:db.sample.com:3306 shrihari@3.92.143.106 -i key
Upon successful key authentication, the connection to your database is made available locally, allowing for seamless and secure access.
You can Test your connection using DBeaver, make sure the port
, username
and password
is correct.
So whenever you're starting you just have to do this one port forwarding command and DBeaver is good to go.
Peace 🕊
If you are here it means you may have found this blog helpful. Just follow me @shrihari which will motivate to write more.
You can make a Buttermilk 🥛. Small support comes a long way!
Subscribe If you want to receive these blogs in your mail from @Medium for free!
Try Our new product for free!
DocsAI - Create AI support agents with your documents in the most affordable price, starts at 0$. Don't need a bot , but need ai help on your docs just upload and start chating !
Using for a company ? Check out our pricing Just contact me for personalized pricing !
More Free Articles from me
OAUTH for beginners and Key Terms.
Shrihari Mohan ・ Dec 9 '22
Posted on March 5, 2023
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.