1

I'm trying to add a PostgreSQL database as a datasource in IntelliJ IDEA Ultimate.
I've worked with a datasource through ONE ssh tunnel already. But now the database server is behind a firewall which only accepts ssh connections from a management server. The only way to access the db server goes over the management server.

So I (or IntelliJ) have to connect via ssh to this server and then, by using another user, tunnel via ssh to the database server.

Everything clear? :-D

The problem is that IntelliJ only offers to configure one ssh tunnel. But after the first tunnel I need to use a second one to finally connect to the database server... Any ideas?

Thx in advance.


zypro

2 Answers

1

I'd create a local port forward using OpenSSH or any similar tool which will forward 127.0.0.1:2222 to firewall:22 via the Management Server, then use IntelliJ IDEA tunnel configuration to 127.0.0.1:2222 like you would do with the single tunnel.

ssh -L 127.0.0.1:2222:firewall:22 <management server>

You can configure an External Tool to automate this process. On a Windows machine I had a great experience with Bitvise SSH Client for creating tunnels/port forwards and starting them automatically.

CrazyCoder
  • Thx. The firewall has no real address (hardware), the connections just go through it. So if I do a port forward for my localhost to the management server, I'm only there, but not on the db server? Where or how to address the ssh connection to the database server itself? – zypro Feb 27 '19 at 08:24
  • Then you just port forward through the management server to the database server and connect to the database as localhost which will get forwarded to the database server via the management server and the firewall. – CrazyCoder Feb 27 '19 at 08:27
  • So I have to add the port forward on the management server, right? – zypro Feb 27 '19 at 09:13
  • 1
    Yes, from what you've described it seems to be the way to go. – CrazyCoder Feb 27 '19 at 09:14
1

ssh supports your scenario out of the box. The trick is to create two entries in your ~/.ssh/config file for the management server, one for your-user and one for special-user. Then use ProxyJump to chain your connections together.

So, start by setting up a Host section for the management server and the user you are connecting to from your local machine:

Host mgmt
    HostName management.server.com
    User your-user
    ...
    

Then, set up a Host for the user on the management server that you will be logging in as:

Host mgmt-special-user
    HostName management.server.com
    User special-user

To this same host, add a directive to tell ssh to create a tunnel to your DB:

    LocalForward <free-port-on-your-box> <db-ip-or-host>:<db-port>

Then tell ssh that this host can be reached from the first host:

    ProxyJump mgmt

You can now ssh mgmt-special-user from your local machine. ssh will automatically jump through the mgmt host, and will also automatically extend the tunnel through mgmt and back to your local machine.

ProxyJump (-J) was added in OpenSSH 7.3 (released in 2016).

Roger Dahl
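The fragments from the answer above assembled into one ~/.ssh/config, as an added example that is not part of the original answer. The local port 15432 and the database host db.internal are placeholders; binding the forward to 127.0.0.1 and setting ExitOnForwardFailure are additions made here so the forwarded port stays off other interfaces and ssh exits instead of running without the tunnel.

```sshconfig
# First hop: your own account on the management server.
Host mgmt
    HostName management.server.com
    User your-user

# Second hop: the account that is allowed through the firewall.
# ssh reaches it by jumping through "mgmt" first.
Host mgmt-special-user
    HostName management.server.com
    User special-user
    ProxyJump mgmt
    # Listen on loopback only, so the database is not exposed to
    # other machines on your network regardless of GatewayPorts.
    # 15432 and db.internal are placeholders (assumptions);
    # 5432 is the default PostgreSQL port.
    LocalForward 127.0.0.1:15432 db.internal:5432
    # Exit if the local port cannot be bound rather than leaving
    # a session open with no working forward.
    ExitOnForwardFailure yes
```

Start the tunnel with `ssh -N mgmt-special-user` (`-N` opens the forward without running a remote command), then point the IntelliJ data source at 127.0.0.1:15432 with the IDE's own SSH tunnel option left off.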