-
Type:
Task
-
Resolution: Done
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: Compass
-
Labels:None
We should mention the following in the documentation on the connect page:
https://docs.mongodb.com/compass/current/connect/
SSH tunnel troubleshoot
If you want to connect to a MongoDB instance via an SSH tunnel through a bastion host, the ssh configuration on the bastion host must allow TCP port forwarding. This can be enabled in the /etc/ssh/sshd_config file by setting the AllowTcpForwarding directive to yes, and restarting the the ssh daemon (sudo service sshd restart).
Some distributions have this mode enabled by default, others do not.
Also ensure that the bastion (jumpbox) hostname goes into the "SSH Hostname" field, and your final destination database hostname goes into the "Hostname" field at the top.
Manually set up SSH tunnel
You can also manually build an SSH tunnel from the command line with the following command:
ssh -L <local_port>:<mongodb_hostname>:<mongodb_port> <user>@<bastion_hostname> -fN
For example, if you have a mongod server running on (internal) hostname-a.com on port 27017, and the bastion host is hostname-b.com with user name ec2-user, you can build the tunnel via
ssh -L 27000:hostname-a.com:27017 ec2-user@hostname-b.com -fN
You can now connect the mongo shell or Compass locally on localhost:27000 to connect to that remote server via the SSH tunnel.