Using a ssh tunnel with clickhouse-client - clickhouse

I already set up a connection to a clickhouse database with DBeaver using a private key. I have to do the same with clickhouse-client but I don't know how to complete the configuration file. Can anyone provide me with some documentation or help for clickhouse-client and ssh tunnel ?

Related

How do you write an odbc.ini file with configured ssh tunelling?

I'm on m1 mac, with tableau 2021.4, and as a result I'm forced to used the iodbc.org SDK. The app doesn't work or register drivers meant for the m1 mac so I've used the intel x86_64 mysql odbc driver. I'm not asking tableau support for reasons.
The mysql db I need to connect to is on a server I can't connect to directly (behind a vpc) and an ssh tunneling works sometimes within tableau. This link is the closest one to my problem. tableau_support. Regardless, The connection keeps dropping and I'm guessing it's due to the odbc.ini file being configured incorrectly.
Ive been referring to this as it's the closest thing to help me figure this out: iodbc but I'm at my wits end.
My odbc.ini file:
[connection_name]
Driver = /usr/local/mysql-connector-odbc-8.0.20-macos10.15-x86-64bit/lib/libmyodbc8w.so
Username = db_username
Database = db_name
Port = 3306
Server = db_name.xyz.us-east-1.rds.amazonaws.com
Hostname = ec2-##-##-##-##.compute-1.amazonaws.com
How can I write a mysql odbc.ini file with the correct parameters to set up an ssh tunnel or to work with an ssh tunnel?
As an addition, the db itself is not on localhost, it has its own different endpoint and I need to use a pem file to gain access to the server the db is hosted on.
...
What about creating SSH-Tunnel, similar to this?
ssh myaccount#db_server -L 9002:localhost:3306
Then connect to port 9002 on m1-localhost this will be forwarded to db_server.
If port 3306 isn't used on your m1, you can use it to simplify:
ssh myaccount#db_server -L 3306:localhost:3306 -N
Details: man ssh
Or simplified: http://lifesim.de/lex/ssh.html

How Connect Unix Socket via SSH Tunnel in Datagrip

How can I connect to a MySQL server via SSH Tunnel and get from the server the UNIX socket in Datagrip?
I found this partial solution, that helps me to configure SSH Tunnel but not get the socket file from the server.
How to connect to database through SSH using DataGrip
The server is MariaDB and I tried to use this information too but doesn't work
https://intellij-support.jetbrains.com/hc/en-us/community/posts/360010247880-How-to-connect-to-mariadb-via-unix-socket-
unix socket is not forwarded via SSH tunnel unless you perform some additional steps. the best approach is to use socat. something like that before connection:
/usr/bin/socat "UNIX-LISTEN:$SOCKET_DIR/mariadb-remote1.sock,reuseaddr,fork" \
EXEC:'/usr/bin/ssh -F /etc/sshssh_config -l root <remote1 host> -p 22 /usr/bin/socat STDIO UNIX-CONNECT\:/run/mariadb/mariadb.sock'
Here and here you can find more useful information.

Unable to connect MongoDB Compass to AWS DocumentDB using SSH tunnel

I am new to mongoDB trying to setup tools for my new project. Most of my infrastructure run on AWS so i prefer to use AWS documentDB. I manage to connect to documentDB from EC2 both via mongo client or NodeJS aplication. but it would be good to mange documentDB from my Windows workstation using MongoDB Compass.
As we know, we can not direct connect any mongo client from outside AWS to DocumentDB Connecting to an Amazon DocumentDB Cluster from Outside an Amazon VPC
so we need SSH tunnel through EC2. I try many options but still fail... below are most likely 2 options:
Option 1: Connect using MongoDB Compass SSH tunnel
Error: unable to get local issuer certificate
both RDS-COMBINED-CA-BUNDLE.PEM and SSH Key already supplied so which one unable to get?
as red highlight on SSH port, I also tried to open another SSHD port on server and tried to connect using second port but still failed.
Option 2: Connect using Putty SSH tunnel
Error: Hostname/IP does not match certificate's altnames...
since MongoDB Compass need to connect to locathost to get into tunnel and i still can not find the way to supply --sslAllowInvalidHostnames options.
So, what i can do to get around this ?
MongoDB Compass: 1.25.0
I am done with Compass.
successful established "robo3t" connection to AWS DocumentDB using this guild.
https://docs.aws.amazon.com/documentdb/latest/developerguide/robo3t.html
As of Jan 2022 MongoDB Compass does not support sslInvalidHostNameAllowed=true in the connection builder form, this is the parameter you are missing in order to connect to AWS DocumentDB while ssh tunneling to a machine inside the same VPC of the database itself.
I used Studio 3T and it worked perfectly. You could create the connection string yourself or try other GUI.
Edit Jan 2023:
I just gave a try to compass again and it seems they now support sslInvalidHostNameAllowed flag through the UI, you could still change manually the connection string but then any UI interaction would overwrite it.
If you edit the connection string directly in MongoDB Compass you can set options that may not be accessible in the user interface.
Below is an example with tweaked parameters to connect without using TLS:
mongodb://xxxx:yyyy#localhost:27017/?authSource=admin&connectTimeoutMS=10000&readPreference=primary&authMechanism=SCRAM-SHA-1&serverSelectionTimeoutMS=5000&appname=MongoDB%20Compass&ssl=false
For Hostname, are you using DocumentDB endpoint? In one screenshot, I see you are using localhost.
I have managed to connect with option 1.
The workaround can be by establish connection using SSH Tunnel (port forward) and so that SSH tunnel opens a port on your local system that connects through to another port at the other end of the tunnel.
Using the below command establishes a tunnel on terminal and later you can use this channel/connection to connect MongoDB using MongoDB Compass.
For example:
ssh user#aws-ec2-ip-address -L 35356:127.0.0.1:27017 -N
where -L as the Local listening side
Port 35356 is listening on localhost (that is in this case your EC2) and port forwards through to port 27017 on remote server.
Note - Add identity file in .ssh/config
Ex - On Mac
Host XXXXXXX
HostName 52.xx.xx.xx
User ubuntu
IdentityFile ./path/prod.pem

DBeaver connection via SSH tunnel

Using DBeaver, I'm trying to connect to my AWS ec2 instance where I've installed a MariaDB database.
I've created a new connection as:
Connection: AWS / Maria DB
Server Host: localhost (because I'm using ssh to connect)
Database, Username and Password: the right ones
Port: 3306
SSH tunnel on the connection:
Use SSH Tunnel: checked
Host/IP, Port and User: as suggested by the AWS documentation
Auth: Public Key
Private key: file .pem (the one I'm also using to connect via ssh from command line)
The connection works great at the beginning.
After some minutes of inactivity if I open a table the connection stucks and I need to invalidate/reconnect to fetch the data. This process sometimes is done by DBeaver, after 15 seconds of not fetching anything, but sometimes even if I wait 2 minutes it keeps running but fetching nothing.
Is there something I'm missing in my configuration? Or some configuration on the server maybe.. I don't know..
Have you ever had this problem?
Here I had the same situation. Previous versions of DBeaver used to keep the connection longer (I don't remember precisely which version), in the order of hours.
I solved this issue by using a VPN or a SSH port forwarding from my machine. So, it is the same configuration as yours with localhost, but the tunnel is done outside DBeaver.
config using pem key in shh tunel

How can I connect to a remote mongodb server using the mongo shell?

Trying to connect to a remote MongoDB server I get: socket operation timed out.
and the firewall log also doesn't mention any attempted connection.
I have the Mongodb running on a remote Windows 2012 vm.
I used --bind_ip 0.0.0.0 and added the firewall rules from the docs.
pingĀ“ing from either client/server works and so does the vnc.
And I'm able to connect from the server using either localhost or the ip
Im new to networking and thought I slowly understand, but apparently thats not the case!
Is there anything else I did not consider?
Try this in your terminal
mongo -u <USER> -p <PASSWORD> <HOST>:<PORT>/<DB> --authenticationDatabase <AUTH_DB>

Resources