Atlas MongoDB SSH Tunnel hostname mismatch - mongodb

I am trying to set up an SSH tunnel to a MongoDB cluster hosted in Atlas. I set up the tunnel with the command below:
ssh -i <key_file> -N -L <localport>:<atlas_node_hostname>:<atlas_port> <remote_user>@<remote_ip>
and added the atlas_node_hostname to /etc/hosts.
From the machine where I created the SSH tunnel, I can connect to the Atlas DB with the atlas_node_hostname mentioned in the connection string:
mongo --ssl "mongodb://<username>:<password>@<atlas_node_hostname>:<ssh_tunnel_local_port>/<db_name>?authSource=admin"
But I want to connect using 127.0.0.1 instead of the atlas_node_hostname, so that I can give devs access only to the machine where the tunnel is running and they can connect to the DB from there:
mongo --ssl "mongodb://<username>:<password>@127.0.0.1:<ssh_tunnel_local_port>/<db_name>?authSource=admin"
But with the above attempt I get the error below:
Error: couldn't connect to server 127.0.0.1:27779, connection attempt failed: SSLHandshakeFailed: The server certificate does not match the host name. Hostname: 127.0.0.1 does not match SAN(s): *.345ed5412fd76fb84cd13794.utkqs.mongodb.net, *.utkqs.mesh.mongodb.net, *.utkqs.mongodb.net, CN: *.utkqs.mongodb.net :
Is there any way I can get it working with the 127.0.0.1 instead of giving the atlas_node_hostname? Or any tool that can proxy Atlas MongoDB?
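The error quoted above is a hostname-verification failure, not a tunnel failure: TCP through the tunnel worked, and the client then compared the name it was asked to connect to (127.0.0.1) with the certificate's SAN list. The script below is an added example, not code from the question or from MongoDB. It reimplements the dNSName/iPAddress matching rules a TLS client applies, so you can see why an IP literal can never satisfy a wildcard DNS SAN, and it shows how a client keeps verification on while dialling 127.0.0.1 by passing the real node name as server_hostname. The SAN list is copied from the error message; cluster0-shard-00-00.utkqs.mongodb.net and port 27779 are assumed stand-ins for <atlas_node_hostname> and <ssh_tunnel_local_port>.

```python
"""Why 127.0.0.1 fails TLS hostname verification, and how to keep the
check on through an ssh tunnel. Added example; not code from the question."""
import ipaddress
import socket
import ssl

# SAN list copied from the error message in the question, in the tuple shape
# that ssl.getpeercert()["subjectAltName"] returns.
ATLAS_SAN = (
    ("DNS", "*.345ed5412fd76fb84cd13794.utkqs.mongodb.net"),
    ("DNS", "*.utkqs.mesh.mongodb.net"),
    ("DNS", "*.utkqs.mongodb.net"),
)
# Assumed stand-ins for <atlas_node_hostname> and <ssh_tunnel_local_port>.
NODE_HOSTNAME = "cluster0-shard-00-00.utkqs.mongodb.net"
LOCAL_PORT = 27779


def dns_name_matches(pattern, hostname):
    """Match one dNSName SAN against a hostname (RFC 6125 rules).

    A wildcard is honoured only when it is the entire left-most label, and it
    stands in for exactly one label: '*.utkqs.mongodb.net' matches
    'cluster0-shard-00-00.utkqs.mongodb.net' but neither
    'a.b.utkqs.mongodb.net' nor 'utkqs.mongodb.net'.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    if len(p_labels) < 3 or len(h_labels) != len(p_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def verify_hostname(san_entries, hostname):
    """Return (ok, reason) for hostname against a subjectAltName list."""
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with iPAddress SANs. dNSName entries,
        # wildcard or not, are never consulted for it, which is exactly why
        # 'Hostname: 127.0.0.1 does not match SAN(s): *.utkqs.mongodb.net'.
        for kind, value in san_entries:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True, "matched iPAddress SAN %s" % value
        return False, "IP literal %s has no iPAddress SAN" % hostname
    for kind, value in san_entries:
        if kind == "DNS" and dns_name_matches(value, hostname):
            return True, "matched dNSName SAN %s" % value
    return False, "%s matches no dNSName SAN" % hostname


def tunnel_tls_context():
    """Default context with hostname checking left on: that check is what
    ties the certificate to the Atlas node rather than to whatever happens
    to answer on the local port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def connect_through_tunnel(local_port=LOCAL_PORT, node_hostname=NODE_HOSTNAME):
    """TCP to the tunnel on 127.0.0.1, TLS verified against the real node name.

    server_hostname sets SNI and the name compared with the SAN list, so the
    client can dial 127.0.0.1 without loosening verification. Not called in
    the self-test because it needs a live tunnel.
    """
    raw = socket.create_connection(("127.0.0.1", local_port))
    return tunnel_tls_context().wrap_socket(raw, server_hostname=node_hostname)


if __name__ == "__main__":
    for name in ("127.0.0.1", NODE_HOSTNAME, "a.b.utkqs.mongodb.net"):
        print(name, verify_hostname(ATLAS_SAN, name))
```

This is what the /etc/hosts entry achieves for the mongo shell: the node name resolves to 127.0.0.1 on the tunnel machine, while the shell still verifies that name against the certificate. The shell's --sslAllowInvalidHostnames flag would also make the connection succeed, but it removes the only check that distinguishes the Atlas node from anything else answering on that port, so giving the devs the hostname-to-127.0.0.1 mapping is the better arrangement.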

Related

how to connect to mongodb server via ssh tunnel with Proxy Jump (Bastion Host)

I have an ssh config file like this.
I have a proxy jump to host1 from test2.
Host host1
    Hostname xxxxxx.us-east-1.elb.amazonaws.com
    Port 2222
    User xxxx
    IdentityFile ~/.ssh/cert
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    KeepAlive yes
    ServerAliveInterval 30
    ServerAliveCountMax 30
Host test2
    Hostname xx.xxx.xx.xxx
    # jump through host1; -W forwards stdin/stdout to %h:%p on the far side
    ProxyCommand ssh.exe -q -W %h:%p host1
    User ubuntu
    IdentityFile ~/.ssh/cert
    KeepAlive yes
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    ServerAliveInterval 30
    ServerAliveCountMax 30
My MongoDB host: xxx-nonprod.cluster-xx.us-east-1.docdb.amazonaws.com
I have to use SSH tunneling to MongoDB using host test2, but it uses a proxy jump via ProxyCommand.
I want to connect to MongoDB using SSH tunneling with MongoDB Compass and also with Node.js mongoose.
How can I connect using MongoDB Compass?
Here I don't have an option to enter ProxyCommand details.
How can I connect using Node.js?
I am using tunnel-ssh; I have reference code:
var tunnel = require('tunnel-ssh');
var fs = require('fs');
var path = require('path');
var config = {
    username: 'ubuntu',
    host: 'xx.xxx.xx.xxx',
    agent: process.env.SSH_AUTH_SOCK,
    // '~' is not expanded by readFileSync; build the path explicitly
    privateKey: fs.readFileSync(path.join(require('os').homedir(), '.ssh', 'cert')),
    port: 22,
    dstHost: 'xxx-nonprod.cluster-xx.us-east-1.docdb.amazonaws.com',
    dstPort: 27017
};
var server = tunnel(config, function (error, server) {
    if (error) {
        console.error('tunnel failed:', error);
    }
});
Here as well, how can I enter the ProxyCommand details? Or please suggest any Node.js package which solves this problem.
I am able to connect to the database now.
Make a tunnel through Bastion to the Database from the terminal.
ssh -L 27017:{mongodb-host}:27017 host1
I am able to connect to database via the tunnel from localhost in another terminal.
mongo --host 127.0.0.1:27017 --username {username} --password {password}
So I am able to connect through mongoose too using connection string.
mongodb://dbadmin:{username}:{password}@localhost:27017

SSH Tunnel for MongoDb Connection Within VPC

I am attempting to tunnel from my localhost (on port 24000) via a Bastion box to my mongo instance (on 27017) that is only available via the VPC private subnet so that I may develop locally whilst connected to the staging db. Using this tunnel command on my OSX box:
ssh -A -L 24000:ip-10-0-11-11.ec2.internal:27017 ec2-3-211-555-333.compute-1.amazonaws.com -N -v
"ip-10-0-11-11.ec2.internal" is the mongo box.
"ec2-3-211-555-333.compute-1.amazonaws.com" is the bastion box.
Aiming to bind local port 24000 to the bastion then from there to the mongo box on 27017.
However upon trying to connect via the tunnel from my local box with:
mongo -u dbUser localhost:24000/db-name
The connection is timing out. Below is the verbose output from ssh tunnel command (presumably from the bastion?).
debug1: channel 3: free: direct-tcpip: listening port 24000 for ip-10-0-11-11.ec2.internal port 27017, connect from 127.0.0.1 port 63451 to 127.0.0.1 port 24000, nchannels 4
channel 4: open failed: connect failed: Connection timed out
Seems to try to be working but it is just not. Any and all help would be appreciated! I do have ssh forwarding enabled on the bastion via the sshd config. I can also connect to the mongo instance while on the bastion no problem.
Circling back... not sure how I got it working or why it wasn't working, but for those looking, the ssh command to open a tunnel forwarding the keys in your ssh-agent is indeed the way to do it:
ssh -A -L 24000:ip-10-0-20-141.ec2.internal:27017 ec2-54-165-159-177.compute-1.amazonaws.com -N -v

Connect to AWS over SSH portforward

I'd like to connect to my AWS instance and connect to my MongoDB database over localhost. The SSH tunnel seems to work, but when I try to connect with mongo I get a connection failed error.
SSH tunnel command:
ssh -i <path to key> -N -L 27017:++++++++++.us-west-2.compute.amazonaws.com:27017 ++++++@++++++++++.us-west-2.compute.amazonaws.com
Mongo client:
mongo -u +++++++ -p ++++++++++ mongodb://localhost:27017/+++++
MongoDB shell version v3.4.7
connecting to: mongodb://localhost:27017/++++++
2018-01-22T15:32:07.125+0100 E QUERY [thread1] Error: network error while attempting to run command 'isMaster' on host 'localhost:27017' :
connect@src/mongo/shell/mongo.js:237:13
@(connect):1:6
exception: connect failed
On the tunnel side I then get:
channel 2: open failed: connect failed: Connection refused
I have tried the mongo command directly on the server then there it works fine.
On my Robo 3T client there is an option to connect over SSH, and there the connection works just fine.
Any suggestions are greatly appreciated.
EDIT
When I start the mongo client, no new lines are added to the mongodb log file. This indicates that the tunnel is not doing its job...
According to this documentation, this error happens when you try to connect to a MongoDB server without ssl.
The solution then would be to connect using SSL, which can be done by adding --ssl to your connection query (so that it looks like this: mongo --ssl -u +++++++ -p ++++++++++ mongodb://localhost:27017/+++++).
Let me know if this works for you!

How do I access a remote aws lightsail mongodb over ssh tunnel

I have a Lightsail AWS instance up and running with a MEAN stack. I have an existing MEAN stack running on a different network. At the moment the node server.js connects to localhost for the mongo bit (on same machine) and all I want to do is replace the localhost with a connection to my mongo running on my AWS remote server.
I understand, that for security reasons, it is best to ssh tunnel this connection, which I think I am familiar with.
What I have done so far is this:
In a console on the machine hosting the node server (remote to the db) I have run:
ssh -L 8181:127.0.0.1:80 -i ~/LightsailDefaultPrivateKey-eu-west-2.pem bitnami@31.16.56.125 -N
I can then browse to the RockMongo UI from the local machine using localhost:8181/rockmongo ...yay.
If I then run the following:
ssh -L 8181:127.0.0.1:27017 -i ~/LightsailDefaultPrivateKey-eu-west-2.pem bitnami@31.16.56.125 -N
(27017 being the mongo port)
Then try and access the db from my remote machine using:
mongo --username XXXXXX --password XXXXXX 31.16.56.125:8181/testdata
I get the following error:
2017-12-28T22:11:09.791+0000 Error: couldn't connect to server 31.16.56.125:8181 (31.16.56.125), connection attempt failed at src/mongo/shell/mongo.js:148
exception: connect failed
Am I doing this wrong? i.e. is the tunnel only for http connections and not mongo command line use? Do I need to test the connection some other way?
I've Googled all over the place for this and not had much luck (a lot of the AWS docs suggest punching a hole in the firewall - which one can no longer do!)
OK I've (partially) solved this, there were a few things wrong.
1) The mongo client was 2.6 and mongo running on AWS was 3.4. Upgrading this solved some issues - in that I was getting a more meaningful error message.
One thing I did have trouble with is that apt-get seemed to perform an update, yet the version reported when issuing the mongo command was still 2.6.
To solve this I had to run sudo apt-get purge mongodb-org* (note the asterisk). Then perform the update.... If you need to do this then follow these instructions:
https://docs.mongodb.com/v3.2/tutorial/install-mongodb-on-ubuntu/
2) This command
mongo --username XXXXXX --password XXXXXX 31.16.56.125:8181/testdata
won't work as I've omitted 'admin' from it and not specified localhost!
but
mongo admin --username XXXXXX --password XXXXXX localhost:8181/testdata
doesn't work either and gives the following output.
2018-01-03T22:00:42.380+0000 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017, in(checking socket for error after poll), reason: errno:111 Connection refused
2018-01-03T22:00:42.380+0000 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed :
connect@src/mongo/shell/mongo.js:229:14
@(connect):1:6
The only command I could get to work is:
mongo admin --username XXXXXX --password XXXXXX --port 8181
The default host is localhost, so in this case it uses the tunnel, this will also just connect to the test db, you can then admin from there.
What I haven't got to the bottom of is the specification of the host:port/db as an argument, as per the output from running mongo --help:
usage: mongo [options] [db address] [file names (ending in .js)]
db address can be:
  foo                   foo database on local machine
  192.169.0.5/foo       foo database on 192.168.0.5 machine
  192.169.0.5:9999/foo  foo database on 192.168.0.5 machine on port 9999
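The tunnel questions on this page quote four different failure lines, and each one points at a different hop: sshd's connect to the forward target (refused versus timed out), the client's TLS hostname check, or the client never reaching a local listener at all. The triage function below is an added example, not code from any of the posts, from OpenSSH or from MongoDB; it classifies lines of the kind quoted above by the stage that failed and says what to check at that stage. The sample lines are constructed from the posts.

```python
"""Classify ssh -v and mongo shell failure lines by the hop that failed.
Added example; the rules encode the cases quoted in the posts above."""
import re

# Constructed sample lines, modelled on the output quoted in the questions.
SAMPLE_LINES = [
    "channel 4: open failed: connect failed: Connection timed out",
    "channel 2: open failed: connect failed: Connection refused",
    "Error: couldn't connect to server 127.0.0.1:27779, connection attempt "
    "failed: SSLHandshakeFailed: The server certificate does not match the "
    "host name. Hostname: 127.0.0.1 does not match SAN(s): *.utkqs.mongodb.net",
    "2018-01-03T22:00:42.380+0000 W NETWORK [thread1] Failed to connect to "
    "127.0.0.1:27017, in(checking socket for error after poll), reason: "
    "errno:111 Connection refused",
    "debug1: channel 3: free: direct-tcpip: listening port 24000 for "
    "ip-10-0-11-11.ec2.internal port 27017, connect from 127.0.0.1 port 63451 "
    "to 127.0.0.1 port 24000, nchannels 4",
]

# (pattern, stage that failed, what it means, what to check)
RULES = [
    (re.compile(r"open failed: connect failed: Connection refused"),
     "remote-connect",
     "sshd on the ssh host reached the forward target address, but nothing "
     "was listening on that port there",
     "on the ssh host, check what mongod is bound to (e.g. 'ss -ltn'); if it "
     "listens on 127.0.0.1 only, forward to localhost:27017 as seen from the "
     "ssh host, not to its public hostname"),
    (re.compile(r"open failed: connect failed: Connection timed out"),
     "remote-connect",
     "sshd's TCP connect to the forward target got no answer at all",
     "check the security group / firewall between the ssh host and the target, "
     "and that the target name resolves to the intended private IP there"),
    (re.compile(r"SSLHandshakeFailed: The server certificate does not match "
                r"the host name"),
     "local-tls-verify",
     "TCP through the tunnel worked; the client then rejected the certificate "
     "because the name it dialled is not in the SAN list",
     "connect by the real node hostname (mapped to 127.0.0.1 in /etc/hosts) so "
     "hostname verification stays on, rather than disabling the check"),
    (re.compile(r"Failed to connect to (127\.0\.0\.1|localhost):(\d+).*"
                r"Connection refused"),
     "local-listen",
     "the client found no listener on that local port, so the tunnel was "
     "never involved",
     "compare the port with the -L <localport> you opened; the legacy mongo "
     "shell takes its first positional argument as the db address, so "
     "'mongo admin host:port/db' dials the default 127.0.0.1:27017 and treats "
     "the second argument as a script file"),
    (re.compile(r"direct-tcpip: listening port (\d+) for (\S+) port (\d+)"),
     "info",
     "the local listener accepted a client and asked sshd to open the forward",
     "nothing yet; the next 'open failed' line, if any, names the real failure"),
]


def triage(lines):
    """Return one dict per line: stage, meaning, check and the matched text."""
    results = []
    for line in lines:
        for pattern, stage, meaning, check in RULES:
            match = pattern.search(line)
            if match:
                results.append({"line": line, "stage": stage, "meaning": meaning,
                                "check": check, "matched": match.group(0)})
                break
        else:
            results.append({"line": line, "stage": "unclassified", "meaning": "",
                            "check": "", "matched": ""})
    return results


def stages(lines):
    """Just the stage labels, in input order."""
    return [r["stage"] for r in triage(lines)]


if __name__ == "__main__":
    for r in triage(SAMPLE_LINES):
        print("%-16s %s" % (r["stage"], r["meaning"]))
        if r["check"]:
            print("%-16s check: %s" % ("", r["check"]))
```

Feed it the combined output of `ssh -v` and the mongo shell (for example, `python3 triage.py < session.log` after swapping SAMPLE_LINES for `sys.stdin`). The useful property is the ordering of the stages: a `local-listen` result means the tunnel is not even being asked, a `remote-connect` result means the local side is fine and the problem is on the ssh host or beyond it, and `local-tls-verify` means the whole path is up and only the name being verified is wrong.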

Dump remote database: Failed: error connecting to db server: no reachable servers

I have a database on www.myweb.io, which has SSL. The version of mongo on the server is 2.6.12; the version of mongo locally is 3.4.1. I want to dump it to my local machine, modify it, and then restore it back.
I tried
mongodump --host www.myweb.io --port 22 --username myname --password "mypassword"
and it gave me an error:
2017-11-20T20:57:07.775+0100 Failed: error connecting to db server: no reachable servers
Does anyone know what host and port I should set?
PS: in my localhost, I can use the following setting in Robo 3T to connect to the database:
1) under Connection, specify localhost:27017
2) under SSH, check Use SSH tunnel, specify xxx.xx.xx.xx:22 as SSH Address
In /etc/nginx/sites-enabled/myweb.io, there is listen 443 ssl.
You are not connecting via SSL or TLS to the database.
Use an ssh tunnel to establish a connection to your mongodb:
ssh -N -L 27018:localhost:27017 user@www.myweb.io
You can specify -f to let ssh go into the background.
Verify that the tunnel is working, using mongodb:
mongo --port 27018
or telnet:
telnet localhost 27018
Dumping the database:
mongodump --host 127.0.0.1 --port 27018 --db <dbName>
Restore it somewhere, do your modifications, dump your local modifications, and reapply the local modifications remotely, for example with mongorestore or mongoimport.