Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-5142

Enable connecting to replica sets and TLS with SSH tunnels

    • Type: Icon: Story Story
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.31.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • 8
    • Iteration Seoul, Iteration Tokyo
    • Needed
    • Hide

      The new connection form (which I think is handled in a special way on the docs side, not sure myself) now supports specifying a Socks5 proxy hostname, as well as optionally a Socks5 proxy port and/or username and password. This is mutually exclusive with the usage of SSH tunneling.

      If this feature is documented (I don't think SSH tunneling support currently is), a few security aspects might be relevant to mention in the documentation:

      • Socks5 transmits passwords in plaintext. Consequently, usage of a remote proxy host with Socks5 passwords is generally insecure.
      • Socks5 is a proxy protocol, and as such, it is highly recommended to only use it when TLS is fully enabled and no insecure TLS options are being passed.
      Show
      The new connection form (which I think is handled in a special way on the docs side, not sure myself) now supports specifying a Socks5 proxy hostname, as well as optionally a Socks5 proxy port and/or username and password. This is mutually exclusive with the usage of SSH tunneling. If this feature is documented (I don't think SSH tunneling support currently is), a few security aspects might be relevant to mention in the documentation: Socks5 transmits passwords in plaintext. Consequently, usage of a remote proxy host with Socks5 passwords is generally insecure. Socks5 is a proxy protocol, and as such, it is highly recommended to only use it when TLS is fully enabled and no insecure TLS options are being passed.

      We are going to add support for connecting to replica sets using SSH tunnels. As part of that, we ensure that connecting using SSH + TLS also works.

      This should be based on the driver work in DRIVERS-1357 / NODE-3633.

        There are no Sub-Tasks for this issue.

            Assignee:
            anna.henningsen@mongodb.com Anna Henningsen
            Reporter:
            anna.henningsen@mongodb.com Anna Henningsen
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: