DataGrip and SSH Tunnels

Answered

Still struggling to configure DataGrip with SSH Tunnels, which is a big blocker for me to use it more - I keep going back to dbvisualizer (which is fine, really -- but since I have DataGrip too, i'd like to compare them a bit more).

Currently, I have trouble even finding all the bits. On the general tab, is the host the host you'll connect to after establishing the tunnel (e.g. the hostname the proxy / bastion / jump host should use?) or is it the host DataGrip will use, which is presumably localhost? Is the port the final port (on the db server) or the port you want DataGrip to use locally?  

If I'm going to connect to a database on internal.example.com:2345 after tunnelling to bastion.example.com:22 and both 2345 and 22 are occupied locally, where do I put all that information? Maybe once I understand that, it'll be easier to make the connection.

I also find that DataGrip doesn't log much about its attempted connections. When I attempt a connection and it fails, nothing at all gets into idea.log from what I can see.

24 comments
Comment actions Permalink

Here's an illustration of my example.

And on DataGrip, I have:

- General > Host == localhost? internal.example.com?

- General > Database == 5555? 2345?

- SSH > Proxy host == bastion.example.com?

- SSH > Port == 22?

- And where does the local or remote information go (depending on what I put in General)

1
Comment actions Permalink

And, yeah, if I tail -F idea.log and then test connection -- nothing gets logged. If it did, I might be able to figure out what parameters mean what.

1
Comment actions Permalink

Hi,

In "General" tab you need to specify your database connection settings. In "SSH/SSL" tab you need to specify your tunnel options. For more details press F1 to get internal DataGrip help.

Thank you.

0
Comment actions Permalink

That helps a little, as did a little status information beside the test connection -- which I didn't or couldn't see before?  On the general tab, I gather I should put in the values for the "database server -- the values that the bastion server would use to connect". You don't/can't specify local port, but that wasn't the problem anyway. Anyway, I am finally able to connect to the server, which is what I care about most. Thanks!

0
Comment actions Permalink

Hi,

>You don't/can't specify local port, but that wasn't the problem anyway.

DG uses random local port.

 

>nothing gets logged

We're working on it.

 

Thank you.

0
Comment actions Permalink

When using SSH tunneling, why doesn't DataGrip prompt me for the SSH key passphrase when I attempt to connect? SSH tunneling only works if I enter the passphrase under "Data Sources" and check the "Remember" box. But I don't want DataGrip to remember my SSH passphrase—I'd prefer to enter it when I want to connect.

1
Comment actions Permalink

Hi,

We've got some issues about two-factor authentication and passphrase prompt.

Here is the short list:

Thank you.

0
Comment actions Permalink

@Geoffrey Wiseman Hi,
Pay attention for enhanced ssh functionality in DataGrip http://blog.jetbrains.com/datagrip/2017/12/06/datagrip-2017-3/#connectivity

Thank you.

0
Comment actions Permalink

This is an issue.  I need to find the forwarding port.  In other db tools you can see or specify the port.  Between this and the timezone issue - it close to a deal breaker.

0
Comment actions Permalink

You can specify all settings in ssh config and load it from within DataGrip.

-1
Comment actions Permalink

@vasily is this from windows?  I can't find a ssh config file.

0
Comment actions Permalink

I see the documentation.  Seems like you need to use Putty and this is a hack and if I need that why fart around with datagrip SSH at that point.  I am not a sys-admin person and I get that the way you implemented it probably more flexible but its not user friendly for analysts.  Every product that I've used that has had this capability you could just specify the forwarding port as a parameter in the product and use that.  Maybe datagrip just isn't a good solution for a large company with data people who aren't systems people.  There are enough bad ticks such as date/time management issues and json linting that just don't work on datagrip for windows.

0
Comment actions Permalink

@Derek Anderson 
What do you mean by forwarding port? Do you use multihop ssh connection?
Is this what you need?


Could you describe in detail "ad ticks such as date/time management issues" and " json linting that just don't work on datagrip for windows"?

P.S.: You can email me directly to Vasily.Chernov@jetbrains.com and I'll to solve your issues.

0
Comment actions Permalink

Yes I can also not see an option du use my ~/.ssh/config right here

WORKAROUND:

(SSH-Tunnel -> local connection in DataGrip)

1.) Create a Config in your ~/.ssh/config for the Host (here you can use the ProxyCommand - to go through another host https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/ ).

2.) Establish a tunnel Connection exposing the remote MySQL-Port on your local machine:

ssh -L 13307:localhost:3306 remote.target.com

Now you can use DataGrip to connect on localhost Port 13307 using the remote credentials - not a solution which feels like JetBrains in 2019 - but works.

1
Comment actions Permalink

@Vasily  

Do we have a way to specify a local port for using the tunnel so we can piggyback on it with other services?  We still have to currently run putty in addition to DG so I can use postgresql ODBC with excel.  If we were using Razor or most other tools we can specify a port and reuse it for this purpose.  Frustrating.

 

 

 

0
Comment actions Permalink

@DAnderson,

Yes, we do:

0
Comment actions Permalink

vasily chernov
Hi,

 

Can you explain what i need to fill in the ssh dialog and the sql connection tab?

 

To make it happen i have to run

ssh -N -L 15432:MY-RDS-DNS:5432 ubuntu@34.245.185.82 -i ~/.ssh/keys/file.pem

 

than i run psql -h localhost -p 15432 -U myuser database

 

please notice i need to connect to local host as it is now forwarded by the tunnel

 

however i can't figure out how to configure in DG

0
Comment actions Permalink

Given:

ssh -N -L 15432:MY-RDS-DNS:5432 ubuntu@34.245.185.82 -i ~/.ssh/keys/file.pem

 

ssh -N -L

Start an SSH connection for port forwarding, basically.

 

15432

Local port for the database server. "Local port" in DataGrip. If you're having DataGrip set up the tunnel, and nothing else is connecting, you should probably just leave this as <Dynamic>

 

MY-RDS-DNS

The database host.  "General > Host" in DataGrip.

 

5432

The port on the database server. "General > Port" in DataGrip.

 

ubuntu@

The username you're connecting to the proxy host with. "Proxy user" in DataGrip.

 

34.245.185.82

The bastion/jump/proxy host.  DataGrip calls this "Proxy host"

 

-i ~/.ssh/keys/file.pem

If this isn't your default SSH identify file and you don't have it configured in your ssh config, then you'll need to:

set Authentication to "Key pair" 

set Private Key File to ~/.ssh/keys/file.pem

set a passphrase if the key has one

1
Comment actions Permalink

Tsachi Nimni,

One can change Auth type to Key pair

or read ssh-config

 

In your case specify dabase credentials and localhost in General tab, for SSH in SSH/SSL tab

 

 

0
Comment actions Permalink

Does anyone else have an issue with DG (and IJ) occasionally deciding to report "Unkown hostname: localhost" with this setup?

0
Comment actions Permalink

Daniel Mccafferty,

Could you describe your setup and provide full error?

 

0
Comment actions Permalink

Hi..

What  proxy type is used behind the scenes to connect ssh tunnels using key-pair? Is it socks4, 5, other?

 

Thanks

 

0
Comment actions Permalink

Garrydias,

For IntelliJ ≥2019.2 we use opensource library SSHJ

0

Please sign in to leave a comment.