how to connect to mongodb server via ssh tunnel
The "channel 2" and "channel 3" lines are from ssh
. The sshd
instance on the remote server is trying to connect to host.com port 27017 in order to service a tunnel connection, and it's getting a "connection timed out" error.
In other words, sshd
on the remote server can't reach the target of the tunnel. Since the remote host is also the host which you're supposedly tunneling to, it's hard to say what the specific problem is. It could be that "host.com" resolves to more than one IP address. You're making an SSH connection to one server in the cluster, and then a different server in the cluster is being chosen as the tunnel target. You could try changing the tunnel target to "localhost" instead of "host.com":
ssh -fN -l root -i path/to/id_rsa -L 9999:localhost:27017 host.com
Update:
"-L 9999:localhost:27017" means that the ssh
client on the local server listens for connections on port 9999. When it gets a connection, it tunnels the connection to the sshd
instance on the remote server. The remote sshd
instance connects from there to localhost:27017. So "localhost" here is from the perspective of the remote server.
With the netstat output, it's a little clearer why it wasn't working before. The "127.0.0.1:27017 " part means that Mongodb is specifically bound to the localhost (127.0.0.1) interface on the remote host. You can't contact that instance of mongodb directly by trying to connect to the host's regular IP address--you can only contact that instance of mongodb through the localhost address. And of course, since it's localhost, you can only contact if from a client running on the same host.
So, the way you're doing it now--tunnel a connection to the server through ssh and then connect to localhost from there--is the way to do it.
I've done few configurations on my Ubuntu 18 Vagrant box in order to successfully connect MongoDB remotely using Robo 3T GUI. I've explained in the following steps.
- On Ubuntu server, to open mongo shell run:
$ mongo
-
Inside mongo shell, type following command to create new a admin user.
> use admin; > db.createUser({user:"admin", pwd:"password", roles:[{ role: "root", db: "admin" }]});
-
By default mongodb is configured to allow connections only from localhost(IP 127.0.0.1). We need to allow remote connections from any ip address. The following change should only be done in your development server. Open up etc/mongod.conf file and do the following change.
# network interfaces net: port: 27017 bindIp: 0.0.0.0 #default value is 127.0.0.1
Also in the same mongod.conf file uncomment security option and add authorization option as shown below.
security: authorization: enabled
-
Save and exit the mongod.conf file and restart mongodb server.
$ sudo servcie mongod restart
Download and install Robo 3T GUI tool.
On Robo 3T GUI, in the connection settings, you need to do few changes as shown on below screen shots.
Enter mongodb admin database username and password which you have created earlier.
Here, I have entered my Ubuntu 18 Vagrant box ssh credentials.
Save the changes and press connect icon to see if the connection is working fine.