Sometimes the database cannot be accessed directly, in such cases you can use the SSH tunnel. The SSH or Secure Shell is a network communication protocol that allows two computers to communicate and encrypts the shared data.
DBeaver supports the following SSH authentication methods:
- Public key authentication
- Agent authentication
Available agent authentication implementations:
Note that you have to run the agent first before connecting to the database in DBeaver.
SSH can either be configured individually for each connection in Connection settings ⇒ SSH1 or as a which can be selected from the drop-down menu2 on the same page mentioned earlier:
In order to use SSH, you have to enable it first. After that, configure it for your needs, then click on Test tunnel configuration to test whether all parameters are valid or not.
It is often required to set the hostname to
localhost in Connection settings ⇒ Main. SSH establishes a connection between two machines, authenticating each side to the other, and passing commands and output back and forth. After connecting to remote machine, all commands you execute are executed on that remote machine, so by having the host set to
localhost you are opening a connection to the database on this remote machine, not on your local machine, and just redirect I/O to the latter.
Configuring Gateway Host
Gateway host, sometimes known as jump host, is used in situations when you cannot access a particular machine directly from your local machine, but it is possible to use a gateway server.
Just like SSH configuration, you have to enable it first. Gateway has the same configuration as for regular SSH tunnel:
Imagine you have the following situation: your database is located on remote machine with IP address
100.100.100.100 and which is accessible through SSH. You cannot access this IP directly from your machine because of your network settings or firewall, but you can access other machines with the IP address
18.104.22.168 through SSH and which is able to access the desired remote machine.
You will need to specify
100.100.100.100 as a host in regular SSH configuration and
22.214.171.124 as a host in a gateway configuration to achieve such a "connection order":
Jump servers are only available with Jsch implementation. See information below.
- Optional port forwarding configuration, see information at below.
- Keep-alive interval. Can be used to "ping" a remote machine to make sure that the SSH connection is still alive.
- Connection timeout. If the destination SSH machine is quite slow and the connection takes ages to complete, you can adjust the value of this parameter.
Port forwarding is used to expose some socket sitting on a remote port to your local port, allowing you to communicate with it. After the SSH connection to the remote machine is established, you now need to connect to the database on that machine. Now you need to pass the port on which the database is listening to from that remote machine to your local machine. This is when port forwarding becomes handy.
By default, it randomly chooses the local port and forwards it to the destination port set in Connection settings ⇒ Main
It is not usually required to change this configuration, but it can be useful e.g. when you want to use a particular local port.