Sometimes the database cannot be accessed directly, in such cases you can use SSH tunnel. SSH or Secure Shell is a network communication protocol that allows two computers to communicate and encrypts the shared data.
DBeaver supports following SSH authentication methods:
- Public key authentication
- Agent authentication
Available agent authentication implementations:
Note that you have to run agent first before connecting to the database in DBeaver.
SSH is either can be configured individually for each connection in Connection settings ⇒ SSH1 or as a which can be selected from drop-down menu2 on the same page mentioned earlier:
In order to use SSH, you have to enable it first. After that, configure it for your needs, then click on Test tunnel configuration to test whether all parameters are valid or not.
It's often required to set the hostname to
localhost in Connection settings ⇒ Main. SSH establishes a connection between two machines, authenticating each side to the other, and passing commands and output back and forth. After connecting to remote machine, all commands you execute are executed on that remote machine, so by having host set to
localhost you're opening a connection to the database on this remote machine, not on your local machine, and just redirect I/O to the latter.
Configuring Gateway Host
Gateway host, sometimes known as jump host, is used in situations when you can't access a particular machine directly from your local machine, but it's possible using a gateway server.
Just like SSH configuration, you have to enable it first. Gateway has the same configuration as for regular SSH tunnel:
Imagine you have the following situation: your database is located on remote machine with IP address
100.100.100.100 and which is accessible through SSH. You can't access this IP directly from your machine because of your network settings or firewall, but you can access other machine with IP address
188.8.131.52 through SSH and which is able to access desired remote machine.
You will need to specify
100.100.100.100 as a host in regular SSH configuration and
184.108.40.206 as a host in gateway configuration to achieve such "connection order":
- Optional port forwarding configuration, see more information below.
- Keep-alive interval. Can be used to "ping" remote machine to make sure that SSH connection is still alive.
- Connection timeout. If the destination SSH machine is quite slow and connect takes ages to complete, you can adjust the value of this parameter.
Port forwarding is used to expose some socket sitting on a remote port to your local port, allowing you to communicate with it. After the SSH connection to remote machine is established, you now need to connect to the database on that machine. Now you need to pass the port on which the database is listening to from that remote machine to your local machine, and this is when port forwarding becomes handy.
By default, it randomly chose local port and forwards it to the destination port set in Connection settings ⇒ Main
Usually it's not required to change this configuration, but it can be useful e.g. when you want to use a particular local port.