Web programming

Units WEB1P and WEB2P

Setting up SSH tunneling

SSH tunneling is a means of establishing a secure connection between two machines. It is frequently used to allow secure access through a firewall to services that do not normally carry their own security mechanisms, e.g. FTP.

See here for a technical explanation of how SSH tunneling works.

Connecting to a remote Oracle database using SSH tunneling

The following instructions show how to set up a tunnel using ssh version 3.2. If you have a different SSH client, you will need to follow similar steps.

  1. Establish a connection (usually a login connection) to a server (specifically an SSH server) inside the firewall to which you have authorised access (i.e. can log in). The SSH server does not necessarily need to be the computer to which you ultimately want to connect, but can be.
  2. Select Edit | Settings...
  3. On the Outgoing tab, add a new connection
  4. Fill in the details for your connection:
    1. Choose a suitable Display Name
    2. The Type will normally be TCP
    3. The Listen Port is the one to be used on your local computer - this can be any unused port
    4. Selecting Allow Local Connections Only will prohibit other people from connecting through your local computer (i.e. it adds security)
    5. The Destination Host and Destination Port must be the machine and port you ultimately want to connect to (e.g. the Oracle server)
  5. Note that the tunnel only remains open whilst you are connected to the login server.

Establishing a JDBC connection to the remote database

If your database's normal URL is, for example, jdbc:oracle:thin:@herring.mech.port.ac.uk:1521:salmon, then provided the SSH tunnel is open, you will be able to connect to the remote database by using the URL jdbc:oracle:thin:@localhost:1921:salmon

The host is localhost and the port is whatever you specified as the Listen Port (above), because JDBC must make its link to the SSH client on your local machine. The SSH client then conveys the packets to the SSH server (this part of the path is encrypted and secure), and the SSH server forwards them to the destination host (over a connection that is not encrypted). In the above example, salmon is the Oracle name for the database on the destination host.
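
For readers whose "different SSH client" is the OpenSSH command-line ssh, the tunnel settings and URL rewrite described above can be derived as follows. This is an added example, not part of the original page: the function names and the login server user@login.example.org are hypothetical placeholders, and the script only prints the ssh command rather than running it.

```shell
#!/bin/sh
# Added example: OpenSSH equivalent of the GUI tunnel settings described above.
# LOGIN_SERVER is a hypothetical placeholder, not a host named on the page.
LOGIN_SERVER="user@login.example.org"

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Split jdbc:oracle:thin:@host:port:sid into "host port sid"; reject anything else.
parse_thin_url() {
    case "$1" in
        *[[:space:]]*) echo "whitespace in URL" >&2; return 1 ;;
        jdbc:oracle:thin:@*) rest=${1#jdbc:oracle:thin:@} ;;
        *) echo "not an Oracle thin URL: $1" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=:; set -f; set -- $rest; set +f; IFS=$old_ifs
    [ $# -eq 3 ] && [ -n "$1" ] || { echo "expected host:port:sid" >&2; return 1; }
    is_port "$2" || { echo "bad destination port: $2" >&2; return 1; }
    echo "$1 $2 $3"
}

# $1 = original JDBC URL, $2 = local Listen Port.
# Prints the ssh command that opens the tunnel (it does not run it).
tunnel_command() {
    is_port "$2" || { echo "bad listen port: $2" >&2; return 1; }
    parts=$(parse_thin_url "$1") || return 1
    set -- $parts "$2"
    # 127.0.0.1 bind matches "Allow Local Connections Only"; -N opens no shell;
    # ExitOnForwardFailure makes ssh exit if the listen port cannot be bound.
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$4:$1:$2 $LOGIN_SERVER"
}

# Same arguments; prints the URL JDBC should use while the tunnel is open.
tunnelled_url() {
    is_port "$2" || { echo "bad listen port: $2" >&2; return 1; }
    parts=$(parse_thin_url "$1") || return 1
    set -- $parts "$2"
    echo "jdbc:oracle:thin:@localhost:$4:$3"
}

URL='jdbc:oracle:thin:@herring.mech.port.ac.uk:1521:salmon'   # from the page
tunnel_command "$URL" 1921
tunnelled_url "$URL" 1921
```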

 

Last updated by Prof Jim Briggs of the School of Computing at the University of Portsmouth

 
The web programming units include some material that was formerly part of the WPRMP, WECPP, WPSSM and WEMAM units.