[DOCS-9816] Add clarification/troubleshoot for SSH Tunnel feature in Compass Created: 24/Jan/17  Updated: 30/Oct/23  Resolved: 27/Feb/17

Status: Closed
Project: Documentation
Component/s: Compass
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Task Priority: Major - P3
Reporter: Thomas Rueckstiess Assignee: Kay Kim (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 7 years, 3 weeks, 2 days ago

 Description   

We should mention the following in the documentation on the connect page:

https://docs.mongodb.com/compass/current/connect/

SSH tunnel troubleshoot

If you want to connect to a MongoDB instance via an SSH tunnel through a bastion host, the ssh configuration on the bastion host must allow TCP port forwarding. This can be enabled in the /etc/ssh/sshd_config file by setting the AllowTcpForwarding directive to yes, and restarting the the ssh daemon (sudo service sshd restart).

Some distributions have this mode enabled by default, others do not.

Also ensure that the bastion (jumpbox) hostname goes into the "SSH Hostname" field, and your final destination database hostname goes into the "Hostname" field at the top.

Manually set up SSH tunnel

You can also manually build an SSH tunnel from the command line with the following command:

ssh -L <local_port>:<mongodb_hostname>:<mongodb_port> <user>@<bastion_hostname> -fN

For example, if you have a mongod server running on (internal) hostname-a.com on port 27017, and the bastion host is hostname-b.com with user name ec2-user, you can build the tunnel via

ssh -L 27000:hostname-a.com:27017 ec2-user@hostname-b.com -fN

You can now connect the mongo shell or Compass locally on localhost:27000 to connect to that remote server via the SSH tunnel.


Generated at Thu Feb 08 07:59:13 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.