how to connect to mongodb server via ssh tunnelExpose a mongodb streaming data server that's behind a firewall, to the internetHow to setup autossh tunnel for MongoDBConnect to mongodb through sshSMB proxy: Connect to SMB server through SSH tunnel between two other hostsHow to restrict ssh tunnel authority to a certain port?Create an SSH tunnel with authentication keys - SyntaxReliable Reverse SSH Tunnelcannot connect to mysql on AWS through ssh tunnelmongodb cannot connect over networkConnect to mongodb through sshUnable to connect to MongoDB running on AWS EC2 instance via SSHCan't connect to remote host via ssh tunnel on port 5432How to SSH tunnel with keys
Coefficients of the characteristic polynomial
How can I convince my reader that I will not use a certain trope?
Are there any vegetarian astronauts?
Is there a short way to check uniqueness of values without using 'if' and multiple 'and's?
Does anycast addressing add additional latency in any way?
Averting Real Women Don’t Wear Dresses
The difference between Rad1 and Rfd1
Can a police officer film me on their personal device in my own home?
How was film developed in the late 1920s?
A way to connect Microsoft Green-Eyed mouse to modern computer?
Alphabet completion rate
Quacks of Quedlingburg Crow Skull Set 2 Keep Drawing
Conduit Fill and Derating for THHN Cables (outdoor run)
How to formulate maximum function in a constraint?
Zombie diet, why humans?
How hard is it to sell a home which is currently mortgaged?
How do I spend money in Sweden and Denmark?
One folder two different locations on ubuntu 18.04
I'm reinstalling my Linux desktop, how do I keep SSH logins working?
Math PhD in US vs Master + PhD in Europe
How can I create ribbons like these in Microsoft word 2010?
Why is a blank required between "[[" and "-e xxx" in ksh?
How do I reference other list in calculated column?
Mean Value Theorem: Continuous or Defined?
how to connect to mongodb server via ssh tunnel
Expose a mongodb streaming data server that's behind a firewall, to the internetHow to setup autossh tunnel for MongoDBConnect to mongodb through sshSMB proxy: Connect to SMB server through SSH tunnel between two other hostsHow to restrict ssh tunnel authority to a certain port?Create an SSH tunnel with authentication keys - SyntaxReliable Reverse SSH Tunnelcannot connect to mysql on AWS through ssh tunnelmongodb cannot connect over networkConnect to mongodb through sshUnable to connect to MongoDB running on AWS EC2 instance via SSHCan't connect to remote host via ssh tunnel on port 5432How to SSH tunnel with keys
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
It was easy for me to connect to my remote mysql server on AWS using a sequelpro, however I'm struggling with doing the same thing with mongodb.
I tried setting up an ssh tunnel via command line like so:
ssh -fN -l root -i path/to/id_rsa -L 9999:host.com:27017 host.com
I also tried it with replacing host with an ip address
the idea is to forward all mongodb connections on port 9999 to the one on the host on port 27101.. however when I run the command:
mongo --host localhost --port 9999
the connection fails, I get this instead:
MongoDB shell version: 2.6.0
connecting to: localhost:9999/test
channel 2: open failed: connect failed: Connection timed out
channel 3: open failed: connect failed: Connection timed out
2014-05-22T14:42:01.372+0300 DBClientCursor::init call() failed
2014-05-22T14:42:01.374+0300 Error: DBClientBase::findN: transport error: localhost:9999 ns: admin.$cmd query: whatsmyuri: 1 at src/mongo/shell/mongo.js:148
exception: connect failed
if I run sudo netstat -plnt I get the following (which seems in order):
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4242/node
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1342/httpd2-prefork
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2552/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2505/master
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 11719/mongod
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 16561/redis-server
any idea what i'm doing wrong?
update:
this is how the final functional command looks like (credit goes to kenster):
ssh -fN -i ~/path/to/id_rsa -L 6666:localhost:27017 root@remote.server.com
where the -fN command make this command run in the background
ssh database ssh-tunnel mongodb ssh-keys
edited Apr 13 '17 at 12:14
Community♦
1
asked May 22 '14 at 10:51
abboodabbood
4373 gold badges7 silver badges19 bronze badges
add a comment |
It was easy for me to connect to my remote mysql server on AWS using a sequelpro, however I'm struggling with doing the same thing with mongodb.
I tried setting up an ssh tunnel via command line like so:
ssh -fN -l root -i path/to/id_rsa -L 9999:host.com:27017 host.com
I also tried it with replacing host with an ip address
the idea is to forward all mongodb connections on port 9999 to the one on the host on port 27101.. however when I run the command:
mongo --host localhost --port 9999
the connection fails, I get this instead:
MongoDB shell version: 2.6.0
connecting to: localhost:9999/test
channel 2: open failed: connect failed: Connection timed out
channel 3: open failed: connect failed: Connection timed out
2014-05-22T14:42:01.372+0300 DBClientCursor::init call() failed
2014-05-22T14:42:01.374+0300 Error: DBClientBase::findN: transport error: localhost:9999 ns: admin.$cmd query: whatsmyuri: 1 at src/mongo/shell/mongo.js:148
exception: connect failed
if I run sudo netstat -plnt I get the following (which seems in order):
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4242/node
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1342/httpd2-prefork
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2552/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2505/master
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 11719/mongod
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 16561/redis-server
any idea what i'm doing wrong?
update:
this is how the final functional command looks like (credit goes to kenster):
ssh -fN -i ~/path/to/id_rsa -L 6666:localhost:27017 root@remote.server.com
where the -fN command make this command run in the background
ssh database ssh-tunnel mongodb ssh-keys
edited Apr 13 '17 at 12:14
Community♦
1
asked May 22 '14 at 10:51
abboodabbood
4373 gold badges7 silver badges19 bronze badges
add a comment |
It was easy for me to connect to my remote mysql server on AWS using a sequelpro, however I'm struggling with doing the same thing with mongodb.
I tried setting up an ssh tunnel via command line like so:
ssh -fN -l root -i path/to/id_rsa -L 9999:host.com:27017 host.com
I also tried it with replacing host with an ip address
the idea is to forward all mongodb connections on port 9999 to the one on the host on port 27101.. however when I run the command:
mongo --host localhost --port 9999
the connection fails, I get this instead:
MongoDB shell version: 2.6.0
connecting to: localhost:9999/test
channel 2: open failed: connect failed: Connection timed out
channel 3: open failed: connect failed: Connection timed out
2014-05-22T14:42:01.372+0300 DBClientCursor::init call() failed
2014-05-22T14:42:01.374+0300 Error: DBClientBase::findN: transport error: localhost:9999 ns: admin.$cmd query: whatsmyuri: 1 at src/mongo/shell/mongo.js:148
exception: connect failed
if I run sudo netstat -plnt I get the following (which seems in order):
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4242/node
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1342/httpd2-prefork
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2552/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2505/master
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 11719/mongod
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 16561/redis-server
any idea what i'm doing wrong?
update:
this is how the final functional command looks like (credit goes to kenster):
ssh -fN -i ~/path/to/id_rsa -L 6666:localhost:27017 root@remote.server.com
where the -fN command make this command run in the background
ssh database ssh-tunnel mongodb ssh-keys
edited Apr 13 '17 at 12:14
Community♦
1
asked May 22 '14 at 10:51
abboodabbood
4373 gold badges7 silver badges19 bronze badges
It was easy for me to connect to my remote mysql server on AWS using a sequelpro, however I'm struggling with doing the same thing with mongodb.
I tried setting up an ssh tunnel via command line like so:
ssh -fN -l root -i path/to/id_rsa -L 9999:host.com:27017 host.com
I also tried it with replacing host with an ip address
the idea is to forward all mongodb connections on port 9999 to the one on the host on port 27101.. however when I run the command:
mongo --host localhost --port 9999
the connection fails, I get this instead:
MongoDB shell version: 2.6.0
connecting to: localhost:9999/test
channel 2: open failed: connect failed: Connection timed out
channel 3: open failed: connect failed: Connection timed out
2014-05-22T14:42:01.372+0300 DBClientCursor::init call() failed
2014-05-22T14:42:01.374+0300 Error: DBClientBase::findN: transport error: localhost:9999 ns: admin.$cmd query: whatsmyuri: 1 at src/mongo/shell/mongo.js:148
exception: connect failed
if I run sudo netstat -plnt I get the following (which seems in order):
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4242/node
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1342/httpd2-prefork
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2552/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2505/master
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 11719/mongod
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 16561/redis-server
any idea what i'm doing wrong?
update:
this is how the final functional command looks like (credit goes to kenster):
ssh -fN -i ~/path/to/id_rsa -L 6666:localhost:27017 root@remote.server.com
where the -fN command make this command run in the background
ssh database ssh-tunnel mongodb ssh-keys
ssh database ssh-tunnel mongodb ssh-keys
edited Apr 13 '17 at 12:14
Community♦
1
asked May 22 '14 at 10:51
abboodabbood
4373 gold badges7 silver badges19 bronze badges
edited Apr 13 '17 at 12:14
Community♦
1
asked May 22 '14 at 10:51
abboodabbood
4373 gold badges7 silver badges19 bronze badges
edited Apr 13 '17 at 12:14
Community♦
1
edited Apr 13 '17 at 12:14
Community♦
1
edited Apr 13 '17 at 12:14
Community♦
1
1
asked May 22 '14 at 10:51
abboodabbood
4373 gold badges7 silver badges19 bronze badges
asked May 22 '14 at 10:51
abboodabbood
4373 gold badges7 silver badges19 bronze badges
asked May 22 '14 at 10:51
abboodabbood
4373 gold badges7 silver badges19 bronze badges
4373 gold badges7 silver badges19 bronze badges
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
The "channel 2" and "channel 3" lines are from ssh. The sshd instance on the remote server is trying to connect to host.com port 27017 in order to service a tunnel connection, and it's getting a "connection timed out" error.
In other words, sshd on the remote server can't reach the target of the tunnel. Since the remote host is also the host which you're supposedly tunneling to, it's hard to say what the specific problem is. It could be that "host.com" resolves to more than one IP address. You're making an SSH connection to one server in the cluster, and then a different server in the cluster is being chosen as the tunnel target. You could try changing the tunnel target to "localhost" instead of "host.com":
ssh -fN -l root -i path/to/id_rsa -L 9999:localhost:27017 host.com
Update:
"-L 9999:localhost:27017" means that the ssh client on the local server listens for connections on port 9999. When it gets a connection, it tunnels the connection to the sshd instance on the remote server. The remote sshd instance connects from there to localhost:27017. So "localhost" here is from the perspective of the remote server.
With the netstat output, it's a little clearer why it wasn't working before. The "127.0.0.1:27017 " part means that Mongodb is specifically bound to the localhost (127.0.0.1) interface on the remote host. You can't contact that instance of mongodb directly by trying to connect to the host's regular IP address--you can only contact that instance of mongodb through the localhost address. And of course, since it's localhost, you can only contact if from a client running on the same host.
So, the way you're doing it now--tunnel a connection to the server through ssh and then connect to localhost from there--is the way to do it.
answered May 22 '14 at 18:13
KensterKenster
1,68211 silver badges13 bronze badges
that's really strange.. the way you use-Lseems to contradict the ssh man page:-L [bind_address:]port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.it explicitly says thathostis the remote server's host.. you are using it for local?
– abbood
May 22 '14 at 23:01
I tried the same command with an ip address.. but same result.. btw I updated my question to show the result of me running netstat for listening services if that helps
– abbood
May 22 '14 at 23:35
after reading around here and here turns out your way is the correct way. however I have a question.. in the first link the guy explains why your command is necessary-->
– abbood
May 23 '14 at 0:09
1
ssh -L 27017:myserver:27017 user@myserver Should listen on port 27017 on localhost, then tunnel over the ssh connection to my server and then hit myserver on port 27017. Now, if myserver is listening on only localhost, this won't work, because the hostname may be pointing to the external IP address. If that is the case, try this ssh -L 27017:localhost:27017 user@myserver
– abbood
May 23 '14 at 0:10
can you please explain what this means? what does 'hostname is only pointing to external IP address' mean?
– abbood
May 23 '14 at 0:12
|
show 1 more comment
I've done few configurations on my Ubuntu 18 Vagrant box in order to successfully connect MongoDB remotely using Robo 3T GUI. I've explained in the following steps.
- On Ubuntu server, to open mongo shell run:
$ mongo Inside mongo shell, type following command to create new a admin user.
> use admin;
> db.createUser(user:"admin", pwd:"password", roles:[ role: "root", db: "admin" ]);By default mongodb is configured to allow connections only from localhost(IP 127.0.0.1). We need to allow remote connections from any ip address. The following change should only be done in your development server. Open up etc/mongod.conf file and do the following change.
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0 #default value is 127.0.0.1Also in the same mongod.conf file uncomment security option and add authorization option as shown below.
security:
authorization: enabledSave and exit the mongod.conf file and restart mongodb server.
$ sudo servcie mongod restartDownload and install Robo 3T GUI tool.
On Robo 3T GUI, in the connection settings, you need to do few changes as shown on
below screen shots.
Enter mongodb admin database username and password which you have created earlier.
Here, I have entered my Ubuntu 18 Vagrant box ssh credentials.
Save the changes and press connect icon to see if the connection is working fine.
answered Jun 10 at 9:09
KrishnaKrishna
101
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f597765%2fhow-to-connect-to-mongodb-server-via-ssh-tunnel%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The "channel 2" and "channel 3" lines are from ssh. The sshd instance on the remote server is trying to connect to host.com port 27017 in order to service a tunnel connection, and it's getting a "connection timed out" error.
In other words, sshd on the remote server can't reach the target of the tunnel. Since the remote host is also the host which you're supposedly tunneling to, it's hard to say what the specific problem is. It could be that "host.com" resolves to more than one IP address. You're making an SSH connection to one server in the cluster, and then a different server in the cluster is being chosen as the tunnel target. You could try changing the tunnel target to "localhost" instead of "host.com":
ssh -fN -l root -i path/to/id_rsa -L 9999:localhost:27017 host.com
Update:
"-L 9999:localhost:27017" means that the ssh client on the local server listens for connections on port 9999. When it gets a connection, it tunnels the connection to the sshd instance on the remote server. The remote sshd instance connects from there to localhost:27017. So "localhost" here is from the perspective of the remote server.
With the netstat output, it's a little clearer why it wasn't working before. The "127.0.0.1:27017 " part means that Mongodb is specifically bound to the localhost (127.0.0.1) interface on the remote host. You can't contact that instance of mongodb directly by trying to connect to the host's regular IP address--you can only contact that instance of mongodb through the localhost address. And of course, since it's localhost, you can only contact if from a client running on the same host.
So, the way you're doing it now--tunnel a connection to the server through ssh and then connect to localhost from there--is the way to do it.
answered May 22 '14 at 18:13
KensterKenster
1,68211 silver badges13 bronze badges
that's really strange.. the way you use-Lseems to contradict the ssh man page:-L [bind_address:]port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.it explicitly says thathostis the remote server's host.. you are using it for local?
– abbood
May 22 '14 at 23:01
I tried the same command with an ip address.. but same result.. btw I updated my question to show the result of me running netstat for listening services if that helps
– abbood
May 22 '14 at 23:35
after reading around here and here turns out your way is the correct way. however I have a question.. in the first link the guy explains why your command is necessary-->
– abbood
May 23 '14 at 0:09
1
ssh -L 27017:myserver:27017 user@myserver Should listen on port 27017 on localhost, then tunnel over the ssh connection to my server and then hit myserver on port 27017. Now, if myserver is listening on only localhost, this won't work, because the hostname may be pointing to the external IP address. If that is the case, try this ssh -L 27017:localhost:27017 user@myserver
– abbood
May 23 '14 at 0:10
can you please explain what this means? what does 'hostname is only pointing to external IP address' mean?
– abbood
May 23 '14 at 0:12
|
show 1 more comment
The "channel 2" and "channel 3" lines are from ssh. The sshd instance on the remote server is trying to connect to host.com port 27017 in order to service a tunnel connection, and it's getting a "connection timed out" error.
In other words, sshd on the remote server can't reach the target of the tunnel. Since the remote host is also the host which you're supposedly tunneling to, it's hard to say what the specific problem is. It could be that "host.com" resolves to more than one IP address. You're making an SSH connection to one server in the cluster, and then a different server in the cluster is being chosen as the tunnel target. You could try changing the tunnel target to "localhost" instead of "host.com":
ssh -fN -l root -i path/to/id_rsa -L 9999:localhost:27017 host.com
Update:
"-L 9999:localhost:27017" means that the ssh client on the local server listens for connections on port 9999. When it gets a connection, it tunnels the connection to the sshd instance on the remote server. The remote sshd instance connects from there to localhost:27017. So "localhost" here is from the perspective of the remote server.
With the netstat output, it's a little clearer why it wasn't working before. The "127.0.0.1:27017 " part means that Mongodb is specifically bound to the localhost (127.0.0.1) interface on the remote host. You can't contact that instance of mongodb directly by trying to connect to the host's regular IP address--you can only contact that instance of mongodb through the localhost address. And of course, since it's localhost, you can only contact if from a client running on the same host.
So, the way you're doing it now--tunnel a connection to the server through ssh and then connect to localhost from there--is the way to do it.
answered May 22 '14 at 18:13
KensterKenster
1,68211 silver badges13 bronze badges
that's really strange.. the way you use-Lseems to contradict the ssh man page:-L [bind_address:]port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.it explicitly says thathostis the remote server's host.. you are using it for local?
– abbood
May 22 '14 at 23:01
I tried the same command with an ip address.. but same result.. btw I updated my question to show the result of me running netstat for listening services if that helps
– abbood
May 22 '14 at 23:35
after reading around here and here turns out your way is the correct way. however I have a question.. in the first link the guy explains why your command is necessary-->
– abbood
May 23 '14 at 0:09
1
ssh -L 27017:myserver:27017 user@myserver Should listen on port 27017 on localhost, then tunnel over the ssh connection to my server and then hit myserver on port 27017. Now, if myserver is listening on only localhost, this won't work, because the hostname may be pointing to the external IP address. If that is the case, try this ssh -L 27017:localhost:27017 user@myserver
– abbood
May 23 '14 at 0:10
can you please explain what this means? what does 'hostname is only pointing to external IP address' mean?
– abbood
May 23 '14 at 0:12
|
show 1 more comment
The "channel 2" and "channel 3" lines are from ssh. The sshd instance on the remote server is trying to connect to host.com port 27017 in order to service a tunnel connection, and it's getting a "connection timed out" error.
In other words, sshd on the remote server can't reach the target of the tunnel. Since the remote host is also the host which you're supposedly tunneling to, it's hard to say what the specific problem is. It could be that "host.com" resolves to more than one IP address. You're making an SSH connection to one server in the cluster, and then a different server in the cluster is being chosen as the tunnel target. You could try changing the tunnel target to "localhost" instead of "host.com":
ssh -fN -l root -i path/to/id_rsa -L 9999:localhost:27017 host.com
Update:
"-L 9999:localhost:27017" means that the ssh client on the local server listens for connections on port 9999. When it gets a connection, it tunnels the connection to the sshd instance on the remote server. The remote sshd instance connects from there to localhost:27017. So "localhost" here is from the perspective of the remote server.
With the netstat output, it's a little clearer why it wasn't working before. The "127.0.0.1:27017 " part means that Mongodb is specifically bound to the localhost (127.0.0.1) interface on the remote host. You can't contact that instance of mongodb directly by trying to connect to the host's regular IP address--you can only contact that instance of mongodb through the localhost address. And of course, since it's localhost, you can only contact if from a client running on the same host.
So, the way you're doing it now--tunnel a connection to the server through ssh and then connect to localhost from there--is the way to do it.
answered May 22 '14 at 18:13
KensterKenster
1,68211 silver badges13 bronze badges
The "channel 2" and "channel 3" lines are from ssh. The sshd instance on the remote server is trying to connect to host.com port 27017 in order to service a tunnel connection, and it's getting a "connection timed out" error.
In other words, sshd on the remote server can't reach the target of the tunnel. Since the remote host is also the host which you're supposedly tunneling to, it's hard to say what the specific problem is. It could be that "host.com" resolves to more than one IP address. You're making an SSH connection to one server in the cluster, and then a different server in the cluster is being chosen as the tunnel target. You could try changing the tunnel target to "localhost" instead of "host.com":
ssh -fN -l root -i path/to/id_rsa -L 9999:localhost:27017 host.com
Update:
"-L 9999:localhost:27017" means that the ssh client on the local server listens for connections on port 9999. When it gets a connection, it tunnels the connection to the sshd instance on the remote server. The remote sshd instance connects from there to localhost:27017. So "localhost" here is from the perspective of the remote server.
With the netstat output, it's a little clearer why it wasn't working before. The "127.0.0.1:27017 " part means that Mongodb is specifically bound to the localhost (127.0.0.1) interface on the remote host. You can't contact that instance of mongodb directly by trying to connect to the host's regular IP address--you can only contact that instance of mongodb through the localhost address. And of course, since it's localhost, you can only contact if from a client running on the same host.
So, the way you're doing it now--tunnel a connection to the server through ssh and then connect to localhost from there--is the way to do it.
answered May 22 '14 at 18:13
KensterKenster
1,68211 silver badges13 bronze badges
edited Mar 2 '16 at 15:22
answered May 22 '14 at 18:13
KensterKenster
1,68211 silver badges13 bronze badges
answered May 22 '14 at 18:13
KensterKenster
1,68211 silver badges13 bronze badges
answered May 22 '14 at 18:13
KensterKenster
1,68211 silver badges13 bronze badges
1,68211 silver badges13 bronze badges
that's really strange.. the way you use-Lseems to contradict the ssh man page:-L [bind_address:]port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.it explicitly says thathostis the remote server's host.. you are using it for local?
– abbood
May 22 '14 at 23:01
I tried the same command with an ip address.. but same result.. btw I updated my question to show the result of me running netstat for listening services if that helps
– abbood
May 22 '14 at 23:35
after reading around here and here turns out your way is the correct way. however I have a question.. in the first link the guy explains why your command is necessary-->
– abbood
May 23 '14 at 0:09
1
ssh -L 27017:myserver:27017 user@myserver Should listen on port 27017 on localhost, then tunnel over the ssh connection to my server and then hit myserver on port 27017. Now, if myserver is listening on only localhost, this won't work, because the hostname may be pointing to the external IP address. If that is the case, try this ssh -L 27017:localhost:27017 user@myserver
– abbood
May 23 '14 at 0:10
can you please explain what this means? what does 'hostname is only pointing to external IP address' mean?
– abbood
May 23 '14 at 0:12
|
show 1 more comment
that's really strange.. the way you use-Lseems to contradict the ssh man page:-L [bind_address:]port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.it explicitly says thathostis the remote server's host.. you are using it for local?
– abbood
May 22 '14 at 23:01
I tried the same command with an ip address.. but same result.. btw I updated my question to show the result of me running netstat for listening services if that helps
– abbood
May 22 '14 at 23:35
after reading around here and here turns out your way is the correct way. however I have a question.. in the first link the guy explains why your command is necessary-->
– abbood
May 23 '14 at 0:09
1
ssh -L 27017:myserver:27017 user@myserver Should listen on port 27017 on localhost, then tunnel over the ssh connection to my server and then hit myserver on port 27017. Now, if myserver is listening on only localhost, this won't work, because the hostname may be pointing to the external IP address. If that is the case, try this ssh -L 27017:localhost:27017 user@myserver
– abbood
May 23 '14 at 0:10
can you please explain what this means? what does 'hostname is only pointing to external IP address' mean?
– abbood
May 23 '14 at 0:12
that's really strange.. the way you use
-L seems to contradict the ssh man page: -L [bind_address:]port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. it explicitly says that host is the remote server's host.. you are using it for local?– abbood
May 22 '14 at 23:01
that's really strange.. the way you use
-L seems to contradict the ssh man page: -L [bind_address:]port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. it explicitly says that host is the remote server's host.. you are using it for local?– abbood
May 22 '14 at 23:01
I tried the same command with an ip address.. but same result.. btw I updated my question to show the result of me running netstat for listening services if that helps
– abbood
May 22 '14 at 23:35
I tried the same command with an ip address.. but same result.. btw I updated my question to show the result of me running netstat for listening services if that helps
– abbood
May 22 '14 at 23:35
after reading around here and here turns out your way is the correct way. however I have a question.. in the first link the guy explains why your command is necessary-->
– abbood
May 23 '14 at 0:09
after reading around here and here turns out your way is the correct way. however I have a question.. in the first link the guy explains why your command is necessary-->
– abbood
May 23 '14 at 0:09
1
1
ssh -L 27017:myserver:27017 user@myserver Should listen on port 27017 on localhost, then tunnel over the ssh connection to my server and then hit myserver on port 27017. Now, if myserver is listening on only localhost, this won't work, because the hostname may be pointing to the external IP address. If that is the case, try this ssh -L 27017:localhost:27017 user@myserver
– abbood
May 23 '14 at 0:10
ssh -L 27017:myserver:27017 user@myserver Should listen on port 27017 on localhost, then tunnel over the ssh connection to my server and then hit myserver on port 27017. Now, if myserver is listening on only localhost, this won't work, because the hostname may be pointing to the external IP address. If that is the case, try this ssh -L 27017:localhost:27017 user@myserver
– abbood
May 23 '14 at 0:10
can you please explain what this means? what does 'hostname is only pointing to external IP address' mean?
– abbood
May 23 '14 at 0:12
can you please explain what this means? what does 'hostname is only pointing to external IP address' mean?
– abbood
May 23 '14 at 0:12
|
show 1 more comment
I've done few configurations on my Ubuntu 18 Vagrant box in order to successfully connect MongoDB remotely using Robo 3T GUI. I've explained in the following steps.
- On Ubuntu server, to open mongo shell run:
$ mongo Inside mongo shell, type following command to create new a admin user.
> use admin;
> db.createUser(user:"admin", pwd:"password", roles:[ role: "root", db: "admin" ]);By default mongodb is configured to allow connections only from localhost(IP 127.0.0.1). We need to allow remote connections from any ip address. The following change should only be done in your development server. Open up etc/mongod.conf file and do the following change.
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0 #default value is 127.0.0.1Also in the same mongod.conf file uncomment security option and add authorization option as shown below.
security:
authorization: enabledSave and exit the mongod.conf file and restart mongodb server.
$ sudo servcie mongod restartDownload and install Robo 3T GUI tool.
On Robo 3T GUI, in the connection settings, you need to do few changes as shown on
below screen shots.
Enter mongodb admin database username and password which you have created earlier.
Here, I have entered my Ubuntu 18 Vagrant box ssh credentials.
Save the changes and press connect icon to see if the connection is working fine.
answered Jun 10 at 9:09
KrishnaKrishna
101
add a comment |
I've done few configurations on my Ubuntu 18 Vagrant box in order to successfully connect MongoDB remotely using Robo 3T GUI. I've explained in the following steps.
- On Ubuntu server, to open mongo shell run:
$ mongo Inside mongo shell, type following command to create new a admin user.
> use admin;
> db.createUser(user:"admin", pwd:"password", roles:[ role: "root", db: "admin" ]);By default mongodb is configured to allow connections only from localhost(IP 127.0.0.1). We need to allow remote connections from any ip address. The following change should only be done in your development server. Open up etc/mongod.conf file and do the following change.
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0 #default value is 127.0.0.1Also in the same mongod.conf file uncomment security option and add authorization option as shown below.
security:
authorization: enabledSave and exit the mongod.conf file and restart mongodb server.
$ sudo servcie mongod restartDownload and install Robo 3T GUI tool.
On Robo 3T GUI, in the connection settings, you need to do few changes as shown on
below screen shots.
Enter mongodb admin database username and password which you have created earlier.
Here, I have entered my Ubuntu 18 Vagrant box ssh credentials.
Save the changes and press connect icon to see if the connection is working fine.
answered Jun 10 at 9:09
KrishnaKrishna
101
add a comment |
I've done few configurations on my Ubuntu 18 Vagrant box in order to successfully connect MongoDB remotely using Robo 3T GUI. I've explained in the following steps.
- On Ubuntu server, to open mongo shell run:
$ mongo Inside mongo shell, type following command to create new a admin user.
> use admin;
> db.createUser(user:"admin", pwd:"password", roles:[ role: "root", db: "admin" ]);By default mongodb is configured to allow connections only from localhost(IP 127.0.0.1). We need to allow remote connections from any ip address. The following change should only be done in your development server. Open up etc/mongod.conf file and do the following change.
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0 #default value is 127.0.0.1Also in the same mongod.conf file uncomment security option and add authorization option as shown below.
security:
authorization: enabledSave and exit the mongod.conf file and restart mongodb server.
$ sudo servcie mongod restartDownload and install Robo 3T GUI tool.
On Robo 3T GUI, in the connection settings, you need to do few changes as shown on
below screen shots.
Enter mongodb admin database username and password which you have created earlier.
Here, I have entered my Ubuntu 18 Vagrant box ssh credentials.
Save the changes and press connect icon to see if the connection is working fine.
answered Jun 10 at 9:09
KrishnaKrishna
101
I've done few configurations on my Ubuntu 18 Vagrant box in order to successfully connect MongoDB remotely using Robo 3T GUI. I've explained in the following steps.
- On Ubuntu server, to open mongo shell run:
$ mongo Inside mongo shell, type following command to create new a admin user.
> use admin;
> db.createUser(user:"admin", pwd:"password", roles:[ role: "root", db: "admin" ]);By default mongodb is configured to allow connections only from localhost(IP 127.0.0.1). We need to allow remote connections from any ip address. The following change should only be done in your development server. Open up etc/mongod.conf file and do the following change.
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0 #default value is 127.0.0.1Also in the same mongod.conf file uncomment security option and add authorization option as shown below.
security:
authorization: enabledSave and exit the mongod.conf file and restart mongodb server.
$ sudo servcie mongod restartDownload and install Robo 3T GUI tool.
On Robo 3T GUI, in the connection settings, you need to do few changes as shown on
below screen shots.
Enter mongodb admin database username and password which you have created earlier.
Here, I have entered my Ubuntu 18 Vagrant box ssh credentials.
Save the changes and press connect icon to see if the connection is working fine.
answered Jun 10 at 9:09
KrishnaKrishna
101
answered Jun 10 at 9:09
KrishnaKrishna
101
answered Jun 10 at 9:09
KrishnaKrishna
101
answered Jun 10 at 9:09
KrishnaKrishna
101
101
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f597765%2fhow-to-connect-to-mongodb-server-via-ssh-tunnel%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
