search

lymperis-e / qgis_remote_db_plugin

A QGIS plugin to open SSH connections to remote database servers
https://plugins.qgis.org/plugins/remote_db/
GNU General Public License v3.0
4 stars 1 forks source link

Failed connection through a proxy #6

Closed SLeitgeb closed 3 weeks ago

SLeitgeb commented 3 weeks ago

We're trying to use the plugin to set up a connection to an internal database using a SSH tunnel.

The same connection works fine using a VPN (either directly or using the plugin), or using a SSH tunnel via a terminal:

$ ssh -L 5433:127.0.0.1:5432 jump-db

The hosts are set up in ~/.ssh/config:

Host jump
    HostName XY # public IP
    User foo
    IdentityFile ~/.ssh/jump-key

Host jump-db
    HostName YZ # private IP
    ProxyJump jump
    User foo
    IdentityFile ~/.ssh/jump-key

However, when configured using this plugin, the connection is shown as established (a green dot in the Connections list), but the DB connection itself fails with:

connection to server at "127.0.0.1", port 5455 failed: server closed the connection unexpectedly
This probably means the server terminated abnormally before or while processing the request.

Plugin connections config follows:

{
  "connections": [
    {
      "name": "Test Jump",
      "host": "YZ",
      "ssh_port": 22,
      "remote_bind_address": "127.0.0.1",
      "remote_port": 5432,
      "local_port": 5455,
      "username": "foo",
      "password": null,
      "id_file": "/home/me/.ssh/jump-key",
      "pkey_password": null,
      "ssh_proxy": "XY",
      "ssh_proxy_enabled": true
    }
  ]
}

Did you encounter anything similar or have any pointers which way to go? We'd be glad to help and participate in the solution.

SLeitgeb commented 3 weeks ago

I just confirmed that the same DB connection also works using the sshtunnel library directly:

import paramiko
import sshtunnel

from time import sleep

REMOTE_SERVER_IP = "XY"
PRIVATE_SERVER_IP = "YZ"

with sshtunnel.open_tunnel(
    (REMOTE_SERVER_IP, 22),
    ssh_username="foo",
    ssh_pkey="/home/me/.ssh/jump-key",
    ssh_private_key_password="",
    remote_bind_address=(PRIVATE_SERVER_IP, 5432),
    local_bind_address=('0.0.0.0', 5455)
) as tunnel:
    print(tunnel.local_bind_port)
    while True:
        sleep(1)
SLeitgeb commented 3 weeks ago

So sorry, it seems I got one of the parameters wrong, setting remote_bind_address to the YZ IP worked.