Creating an SSH Tunnel to a Compute Node Port

To create an SSH tunnel to a port on a compute node associated with Oracle Database Exadata Cloud at Customer, you use Secure Shell (SSH) client software that supports tunneling.

Several SSH clients that support tunneling are freely available. The following sections show how to use SSH clients on the Linux and Windows platforms to connect to a compute node using an SSH tunnel.

Note:

An SSH tunnel cannot be used to connect to an Exadata Cloud at Customer database using the SCAN listeners because an SSH tunnel is a point-to-point connection to a specific port on a specific host IP address. The SCAN listeners, however, route incoming connections to any of the available node listeners, which listen on a different set of virtual IP addresses. See Connecting Remotely to the Database by Using Oracle Net Services.

Creating an SSH Tunnel Using the ssh Utility on Linux

The Linux platform includes the ssh utility, an SSH client that supports SSH tunneling.

Before you use the ssh utility to create an SSH tunnel, you need the following:

  • The IP address of the target compute node.

    The IP addresses associated with a database deployment on Oracle Database Exadata Cloud at Customer are listed on the details page associated with the database deployment. See Viewing Detailed Information for a Database Deployment.

  • The SSH private key file that pairs with the public key used during the database deployment creation process.

  • The port number for which you want to create an SSH tunnel.

To create an SSH tunnel for a port using the ssh utility on Linux:
  1. In a command shell, set the file permissions of the private key file so that only you have access to it:
    $ chmod 600 private-key-file
    

    private-key-file is the path to the SSH private key file that matches the public key used during the database deployment creation process.

  2. Run the ssh utility:
    $ ssh -i private-key-file -L local-port:target-ip-address:target-port opc@target-ip-address

    where:

    • private-key-file is the path to the SSH private key file.

    • local-port is the number of an available port on your Linux system. Specify a port number greater than 1023 and less than 49152 to avoid conflicts with ports that are reserved for the system. As a good practice, and for the sake of simplicity, you should specify the same port number as the one to which you are creating a tunnel.

    • target-ip-address is the IP address of the target compute node in x.x.x.x format.

    • target-port is the port number to which you want to create a tunnel.

  3. If this is the first time you are connecting to the target compute node, the ssh utility prompts you to confirm the public key. In response to the prompt, enter yes.

After the SSH tunnel is created, you can access the port on the target compute node by specifying localhost:local-port on your Linux system.
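
The prerequisites and steps 1 and 2 above, turned into pre-flight checks that print the ssh command as a dry run. This is an added example, not part of Oracle's documentation: the function names are hypothetical, the sample address and port are the ones used in the PuTTY example on this page, and the 127.0.0.1 bind address and the ExitOnForwardFailure option are additions to the command shown in step 2.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names are hypothetical.

# Step 1 check: key file exists and grants nothing to group/other (e.g. 600).
key_is_private() {
    [ -f "$1" ] || return 1
    # GNU stat first (Linux), BSD stat as a fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# True if $1 is a decimal integer strictly between $2 and $3.
port_between() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -gt "$2" ] && [ "$1" -lt "$3" ]
}

# True if $1 is in x.x.x.x format with each octet 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: tunnel_cmd KEY LOCAL_PORT TARGET_IP TARGET_PORT
# Prints the step 2 command, or explains on stderr why it refused.
tunnel_cmd() {
    key_is_private "$1" || { echo "key missing or readable by others: $1" >&2; return 1; }
    port_between "$2" 1023 49152 || { echo "local port not in 1024-49151: $2" >&2; return 1; }
    valid_ipv4 "$3" || { echo "target address not x.x.x.x: $3" >&2; return 1; }
    port_between "$4" 0 65536 || { echo "bad target port: $4" >&2; return 1; }
    # Additions to the page's command: bind the listener to loopback only and
    # exit if the forward cannot be set up instead of opening a bare session.
    printf "ssh -i '%s' -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s opc@%s\n" \
        "$1" "$2" "$3" "$4" "$3"
}

# Dry run with constructed values; nothing connects.
demo_key=$(mktemp) && chmod 600 "$demo_key"
tunnel_cmd "$demo_key" 1521 192.0.2.100 1521
rm -f "$demo_key"
```
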

Creating an SSH Tunnel Using the PuTTY Program on Windows

PuTTY is a freely available SSH client program for Windows that supports SSH tunneling.

Before you use the PuTTY program to create an SSH tunnel, you need the following:

  • The IP address of the target compute node.

    The IP addresses associated with a database deployment on Oracle Database Exadata Cloud at Customer are listed on the details page associated with the database deployment. See Viewing Detailed Information for a Database Deployment.

  • The SSH private key file that pairs with the public key used during the database deployment creation process.

  • The port number for which you want to create an SSH tunnel.

To create an SSH tunnel for a port using the PuTTY program on Windows:
  1. Download and install PuTTY.

    To download PuTTY, go to http://www.putty.org/ and click the You can download PuTTY here link.

  2. Run the PuTTY program.

    The PuTTY Configuration window is displayed, showing the Session panel.

  3. Configure SSH connectivity:
    1. In the Host Name (or IP address) box, enter the IP address of the target compute node.
    2. Confirm that the Connection type option is set to SSH.
    3. In the Category tree, expand Connection if necessary and then click Data.

      The Data panel is displayed.

    4. In the Auto-login username box, enter oracle.
    5. Confirm that the When username is not specified option is set to Prompt.
    6. In the Category tree, expand SSH and then click Auth.

      The Auth panel is displayed.

    7. Click the Browse button next to the Private key file for authentication box. Then, in the Select private key file window, navigate to and open the private key file that matches the public key used during the database deployment creation process.
  4. Add a forwarded port:
    1. In the Category tree, click Tunnels.

      The Tunnels panel is displayed.

    2. In the Source Port box, enter the number of an available port on your system. Specify a port number greater than 1023 and less than 49152 to avoid conflicts with ports that are reserved for the system. As a good practice, and for the sake of simplicity, you should specify the same port number as the one to which you are creating a tunnel.
    3. In the Destination box, enter the IP address of the target compute node, a colon, and the port number to which you want to create a tunnel; for example, 192.0.2.100:1521.
    4. Confirm that the Local and Auto options are set.
    5. Click Add to add the forwarded port.

      The new forwarded port appears in the Forwarded ports list.

  5. In the Category tree, click Session.

    The Session panel is displayed.

  6. In the Saved Sessions box, enter a name for this connection configuration. Then, click Save.
  7. Click Open to open the connection.

    The PuTTY Configuration window is closed and the PuTTY window is displayed.

  8. If this is the first time you are connecting to the target compute node, the PuTTY Security Alert window is displayed, prompting you to confirm the public key. Click Yes to continue connecting.

After the SSH tunnel is created, you can access the port on the target compute node by specifying localhost:local-port on your system, where local-port is the source port that you specified when creating the tunnel.