DataGrip and SSH Tunnels
Still struggling to configure DataGrip with SSH Tunnels, which is a big blocker for me to use it more - I keep going back to dbvisualizer (which is fine, really -- but since I have DataGrip too, i'd like to compare them a bit more).
Currently, I have trouble even finding all the bits. On the general tab, is the host the host you'll connect to after establishing the tunnel (e.g. the hostname the proxy / bastion / jump host should use?) or is it the host DataGrip will use, which is presumably localhost? Is the port the final port (on the db server) or the port you want DataGrip to use locally?
If I'm going to connect to a database on internal.example.com:2345 after tunnelling to bastion.example.com:22 and both 2345 and 22 are occupied locally, where do I put all that information? Maybe once I understand that, it'll be easier to make the connection.
I also find that DataGrip doesn't log much about its attempted connections. When I attempt a connection and it fails, nothing at all gets into idea.log from what I can see.
Please sign in to leave a comment.
Here's an illustration of my example.
And on DataGrip, I have:
- General > Host == localhost? internal.example.com?
- General > Database == 5555? 2345?
- SSH > Proxy host == bastion.example.com?
- SSH > Port == 22?
- And where does the local or remote information go (depending on what I put in General)
And, yeah, if I tail -F idea.log and then test connection -- nothing gets logged. If it did, I might be able to figure out what parameters mean what.
Hi,
In "General" tab you need to specify your database connection settings. In "SSH/SSL" tab you need to specify your tunnel options. For more details press F1 to get internal DataGrip help.
Thank you.
That helps a little, as did a little status information beside the test connection -- which I didn't or couldn't see before? On the general tab, I gather I should put in the values for the "database server -- the values that the bastion server would use to connect". You don't/can't specify local port, but that wasn't the problem anyway. Anyway, I am finally able to connect to the server, which is what I care about most. Thanks!
Hi,
>You don't/can't specify local port, but that wasn't the problem anyway.
DG uses random local port.
>nothing gets logged
We're working on it.
Thank you.
When using SSH tunneling, why doesn't DataGrip prompt me for the SSH key passphrase when I attempt to connect? SSH tunneling only works if I enter the passphrase under "Data Sources" and check the "Remember" box. But I don't want DataGrip to remember my SSH passphrase—I'd prefer to enter it when I want to connect.
Hi,
We've got some issues about two-factor authentication and passphrase prompt.
Here is the short list:
Thank you.
@Geoffrey Wiseman Hi,
Pay attention for enhanced ssh functionality in DataGrip http://blog.jetbrains.com/datagrip/2017/12/06/datagrip-2017-3/#connectivity
Thank you.
This is an issue. I need to find the forwarding port. In other db tools you can see or specify the port. Between this and the timezone issue - it close to a deal breaker.
You can specify all settings in ssh config and load it from within DataGrip.
@vasily is this from windows? I can't find a ssh config file.
One can configure ssh config file either on Windows or Lunux/Mac:
I see the documentation. Seems like you need to use Putty and this is a hack and if I need that why fart around with datagrip SSH at that point. I am not a sys-admin person and I get that the way you implemented it probably more flexible but its not user friendly for analysts. Every product that I've used that has had this capability you could just specify the forwarding port as a parameter in the product and use that. Maybe datagrip just isn't a good solution for a large company with data people who aren't systems people. There are enough bad ticks such as date/time management issues and json linting that just don't work on datagrip for windows.
@Derek Anderson
What do you mean by forwarding port? Do you use multihop ssh connection?
Is this what you need?
Could you describe in detail "ad ticks such as date/time management issues" and " json linting that just don't work on datagrip for windows"?
P.S.: You can email me directly to Vasily.Chernov@jetbrains.com and I'll to solve your issues.
Yes I can also not see an option du use my ~/.ssh/config right here
WORKAROUND:
(SSH-Tunnel -> local connection in DataGrip)
1.) Create a Config in your ~/.ssh/config for the Host (here you can use the ProxyCommand - to go through another host https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/ ).
2.) Establish a tunnel Connection exposing the remote MySQL-Port on your local machine:
ssh -L 13307:localhost:3306 remote.target.com
Now you can use DataGrip to connect on localhost Port 13307 using the remote credentials - not a solution which feels like JetBrains in 2019 - but works.
@Vasily
Do we have a way to specify a local port for using the tunnel so we can piggyback on it with other services? We still have to currently run putty in addition to DG so I can use postgresql ODBC with excel. If we were using Razor or most other tools we can specify a port and reuse it for this purpose. Frustrating.
@DAnderson,
Yes, we do:
vasily chernov
Hi,
Can you explain what i need to fill in the ssh dialog and the sql connection tab?
To make it happen i have to run
ssh -N -L 15432:MY-RDS-DNS:5432 ubuntu@34.245.185.82 -i ~/.ssh/keys/file.pem
than i run psql -h localhost -p 15432 -U myuser database
please notice i need to connect to local host as it is now forwarded by the tunnel
however i can't figure out how to configure in DG
Given:
ssh -N -L 15432:MY-RDS-DNS:5432 ubuntu@34.245.185.82 -i ~/.ssh/keys/file.pem
ssh -N -L
Start an SSH connection for port forwarding, basically.
15432
Local port for the database server. "Local port" in DataGrip. If you're having DataGrip set up the tunnel, and nothing else is connecting, you should probably just leave this as <Dynamic>
MY-RDS-DNS
The database host. "General > Host" in DataGrip.
5432
The port on the database server. "General > Port" in DataGrip.
ubuntu@
The username you're connecting to the proxy host with. "Proxy user" in DataGrip.
34.245.185.82
The bastion/jump/proxy host. DataGrip calls this "Proxy host"
-i ~/.ssh/keys/file.pem
If this isn't your default SSH identify file and you don't have it configured in your ssh config, then you'll need to:
set Authentication to "Key pair"
set Private Key File to ~/.ssh/keys/file.pem
set a passphrase if the key has one
Tsachi Nimni,
One can change Auth type to Key pair
or read ssh-config
In your case specify dabase credentials and localhost in General tab, for SSH in SSH/SSL tab
Does anyone else have an issue with DG (and IJ) occasionally deciding to report "Unkown hostname: localhost" with this setup?
Daniel Mccafferty,
Could you describe your setup and provide full error?
Hi..
What proxy type is used behind the scenes to connect ssh tunnels using key-pair? Is it socks4, 5, other?
Thanks
Garrydias,
For IntelliJ ≥2019.2 we use opensource library SSHJ
Hi,
AWS Recently introduced SSM backed SSH connections. With those the SSH is launched via a ProxyCommand. How will this work with DataGrip? Is there any placeholder to set the proxy command?
Thanks.
Robert Malai we do support ProxyCommand directive in OpenSSH config, so if you configured it there - it should work.
Having issue where I specify the ssh local port but DG isn't using it. Netstat doesn't show this port being used.
I turned on debug on the event logs but I see nothing but "connected". No disconnect or anything - I bit frustrating. Are there logs somewhere else?
Derek Anderson,
Could you share screenshots of your data source SSH settings? and share IDE logs?