Objective is to connect R to PostgreSQL using an SSH tunnel.
Just had unsuccessful tries with libraries RPostgreSQL and DBI. I'm not finding a way to pass along SSH tunneling parameters (proxy host, proxy user, and private key).
I wonder if there's a way to somehow specify those SSH parameters along in db query string? Maybe another way out?
Here's a code sample that I've used:
First, setup an ssh tunnel - this would be for an AWS EC2 instance:
ssh -i 'YOURKEY.pem' -N -L 1234:YOURDATABASEHOST:5432 YOURUSER#YOURAWSINSTANCE
Then in R:
library(RPostgreSQL)
conn <- dbConnect(RPostgreSQL::PostgreSQL(), dbname = 'MYREMOTEDBNAME', host = '127.0.0.1', port = 1234, password = 'MYREMOTEPASSWORD', user = 'MYREMOTEUSER')
As you can see, the key is to setup a tunnel between a remote instance of some kind and the remote database. Then you use this locally hosted tunnel (hence, 127.0.0.1 as your host) and the specified port (1234 in this case).
Related
I've created a virtual machine on Google Cloud Platform following this manual.
I was able to create an SSH connection from my local machine to the VM and set it up to host a publicly available R Shiny App. Now I'm wondering if there is any way to access my local machine from the VM using this SSH connection. This would be a problem if the server gets hacked, maybe because I wasn't able to correctly configure security settings (I'm not too experienced with this). Or is this a "one-way" connection to the VM and the other way is blocked, e.g. by my personal firewall?
Any suggestion would help. Thanks!
An SSH connection requires that the target machine have a public SSH key that are used to identify an incoming client that has the corresponding private SSH key. If you can SSH from your local PC to a GCP Compute Engine (CE) then your local PC has a copy of the private key and the compute engine has the public key. This is one-way connection. There is no symmetry in a connection originating from the compute engine. To be able to SSH into your local PC then:
Your local PC needs to has SSH server installed.
Your local PC needs to have the public part of an SSH key pair configured.
The client needs to have the private part of an SSH key pair available.
The client needs to know your IP address.
There needs to be a network route to your local PC from the client.
Your firewall needs to permit the incoming client on the port that the SSH server is listening (default 22)
Unless the above are all satisfied, there should be no mechanism to allow a compromised compute engine to open a shell "back into" your local PC.
I am attempting to connect to Redshift using the RPostgres package.
Normally this works fine, however I am using VPN to connect to my companies network.
Running the following, with placeholders for sensitive info obviously:
library(RPostgres)
con <- dbConnect(RPostgres::Postgres(),
dbname = "db",
host = "host.redshift.amazonaws.com",
port = 5439,
user = 'me',
password = 'password',
sslmode = 'require')
Getting the following error:
Error in connection_create(names(opts), as.vector(opts)) :
could not connect to server: Operation timed out
Is the server running on host "host.redshift.amazonaws.com" (IP Address) and accepting
TCP/IP connections on port 5439?
I am not familiar with VPN or how it may effect connections.
Apologies for the generality of this question, however hoping there are some ideas to at least get me started on finding a solution.
Go to your Redshift console, and see the security group which is used for your Redshift cluster, in the security group settings, view Inbound settings, those should have enabled connections from your IP. But as you're using a VPN, IP being allotted to you by the VPN might not have been allowed to connect as an inbound connection.
So either you can permit a range of IPs to connect via the security group inbound permissions, or permit all IPs to connect.
I want to access machine A which is behind the firewall through a jump host from machine B.
I want to do the same either via ssh keys or via username and password.
What will be the steps and the commands to achieve the same?
The feature is called port forwarding:
ssh -L localport:machine-a-address.domain:remote-port machine-b
Then you can simply use localpott on localhost to access the remote service on machine-a, for example:
telnet localhost localport
How can I create a SSH tunnel to a machine (RedHat Enterprise Linux) hosting a MongoDB (Version 3) and then run R scripts from my machine (windows) on the database?
I know how to connect to the machine via puTTY and then run an uploaded FCP transferred R script from the shell on the machine, however I want to perform the analysis from my PC so I can test my scripts quickly and export analyses and results easily.
This is adapted from an instruction I have for our remote MySQL SSH connections. The remote database server is configured to listen to its local address on port 27017. (127.0.0.1:27017). You would want to replace 10.10.10.10 with the IP address of the MongoDB server.
1. Install putty.exe
2. Start putty.
3. Sessions Tab:
3a. Set hostname like:
3b. <username#hostname>
3c. Eg: mongo_user#mongodb.server.com
4. Connection : SSH : Tunnels tab.
4a. Source port: 27017
4b. Destination: 10.10.10.10:27017
5. Sessions Tab
5a. Saved Session: Type name such as “MongoDB Server”
5b. Select [Save] button
On your windows client, you would use a connection string to connect to 127.0.0.1:27017 (the local source port you configured in the putty connection above)
edit to change 192.168.0.1 to 127.0.0.1 (wrong local/loopback address)
I'm running Sequel Pro 0.9.9.1 and can connect to a remote mySQL (v 14.14) database hosted on a server that only allows SSH connections. When I connect via Sequel Pro, I only need to fill out the ssh user and password to connect without issue. I am able to access all databases in this manner.
I then try to connect to the database in R (2.14.0) using RMySQL (0.9-3), but this command fails:
conn <- dbConnect(MySQL(), user="ssh_user", password="ssh_password", host="localhost")
with the error: "RS-DBI driver: (Failed to connect to database: Error: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)" regardless of if I use single quotes (suggested elsewhere), change the user and/or password to "root" or "", or substitute "127.0.0.1" for "localhost". If I substitute the server host for host in the R command, I am told I cannot access the server (which is true, it is configured to only be accessed via ssh).
What are the correct user, password and host to use to connect to a database accessed via ssh through Sequel Pro in this manner?
I've never done this, but I assume you could use SSH to tunnel the appropriate port, as discussed here: http://www.howtogeek.com/howto/ubuntu/access-your-mysql-server-remotely-over-ssh/ .
In brief, you would:
Tunnel the appropriate port through SSH, which by default would be
3306 for MySQL.
Use dbConnect() to connect to the MySQL server as
if it was on your local machine.
This bypasses the need for Sequel Pro. The tunnel essentially allows traffic on your local 3306 port to be tunneled through an SSH connection on port 22 between your local machine and the server and then forwarded to port 3306 locally on the server.