1. Administering Oracle SOA Cloud Service in a Customer-Managed Environment
  2. Administer Oracle SOA Cloud Service
  3. Access a VM Through a Secure Shell (SSH)
  4. Create an SSH Tunnel

Create an SSH Tunnel

An SSH tunnel to an Oracle SOA Cloud Service VM enables you to connect to other non-public ports on the VM though a port your local machine.

You can create access rules to an Oracle SOA Cloud Service instance as an alternative to creating an SSH tunnel. However, use caution and consider possible security implications before opening up ports to external access. For more information, see Manage Access Rules for an Oracle SOA Cloud Service Instance.

If a resource provided by a VM uses a port that is not directly accessible through the Internet, you can access that resource by creating an SSH tunnel to the port. For example, you can use an SSH tunnel to connect a local Integrated Development Environment (IDE) such as Eclipse to the dedicated deployment port (9001) of the Administration Server.

In general an SSH tunnel may map a remote port to any available port number on your local machine. However, port 9001 on the Administration Server uses JMX/RMI for communication, which requires that the remote and local port numbers be the same value. Therefore, the following instructions configure the tunnel’s local port number to the same value as the VM’s port number.

Tutorial icon Tutorial

To set up an SSH tunnel to a VM:

  1. Navigate to the Services page of the Oracle SOA Cloud Service console.
  2. Click the service instance associated with the VM you want to access.
    The Oracle Java Cloud Service Instance page is displayed with the Overview tile in focus, displaying detailed information about the service instance.
  3. From the list of virtual machines, note the Public IP address of the Administration Server or the Load Balancer, depending on which VM you want to access.
    This address will be specified in the typical octet format (111.111.111.111).

    Note:

    The console displays public IP addresses only for the Administration Server and the Load Balancer VMs, not for the managed server VMs. For more information, see Connect to a Managed Server VM.
  4. On UNIX and UNIX-like platforms, use the standard OpenSSH command (ssh ) to create an SSH tunnel to the VM.
    Provide the following:

    • The path to the private key corresponding to the public key used at the time of provisioning.

    • The VM’s public IP address.

    • The port number on the VM to which you want to connect. The SSH tunnel will enable connectivity to this remote port though the same port number on your local machine.

    in this format:

    ssh -i path_to_private_key -L port:VM_IP_address:port opc@VM_IP_address -N
    For example, to create an SSH tunnel to port 9001 on the Administration Server VM:
    ssh -i /home/myuser/id_rsa -L 9001:111.111.111.111:9001 opc@111.111.111.111 -N
  5. On Windows, you can use PuTTY, an open source networking client for the Windows platform, to create an SSH tunnel to the VM.

    To download PuTTY, go to http://www.putty.org/ and click the You can download PuTTY here link.

    1. Launch PuTTY.
      The PuTTY Configuration window is displayed, showing the Session panel.
    2. In the Host Name (or IP address) field, enter the public IP address of the VM.
    3. In the Category tree, expand Connection if necessary and then click Data.
    4. In the Auto-login username field, enter opc.
    5. Confirm that the When username is not specified option is set to Prompt.
    6. In the Category tree, click Connection > SSH.
    7. Under Protocol options, select the checkbox Don't start a shell command at all.
    8. In the Category tree, expand Connection > SSH, and then click Auth.
    9. Under Private key file for authentication, click Browse.
    10. Navigate to and select your private key file. Then click Open.

      Note:

      The .ppk file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY. If you have to use a key saved in a different format, see the PuTTY documentation.
    11. In the Category tree, click Connection > SSH > Tunnels.
    12. In the Destination field, enter IP:port,
      where IP is the IP address of the VM and port is the port number on the VM to which you want to connect.
    13. In the Source Port field, enter the same port number.
    14. Click the Add button.
    15. Click Open to create the SSH tunnel to the VM.

      Note:

      You can optionally save this session configuration by navigating to the Session panel and clicking Save. When you open PuTTY the next time, you can load this configuration by selecting it and clicking Load.
  6. If the private key was defined with a passphrase, enter this value when prompted.

Applications running on your local machine can now communicate with the VM by using localhost:port, where port is the local port number.

For example, after creating an SSH tunnel to port 9001 on the Administration Server VM, launch a web browser and connect to http://localhost:9001/console.

Note:

After your work with the SSH tunnel is complete, perform a <ctrl> C to shut down the SSH tunnel.