Database Tunneling

Description


The following instructions describe setting up a secure tunnel via SSH to the internal UCONN databases. Multiple connection methods are described below. Please follow the method best suited to your operating system and configuration.

 

Mac OS X (Mountain Lion 10.8 or higher)


Configure SSH Access

Please follow these instructions to configure Mac OS X to work properly with UCONN's SSH requirements. Ensure you have submitted a formal request for a UITS admin to add you to the UConn Gateway Server.

 

Acquire Kerberos Ticket

Getting a Kerberos Ticket using Ticket Viewer app

Ticket Viewer is a Kerberos GUI application included in OS X. It can be found under /System/Library/CoreServices, and a shortcut to it can be created (desktop or taskbar).

Once Ticket Viewer is open, choose Add Identity and enter your <netid>@UCONN.EDU and then your password to save the "ticket" into Ticket Viewer. Tickets can then be created/destroyed using the "arrow" and "X" icons under the identity name.

Getting a Kerberos Ticket through the Terminal

Terminal is the basic command line application that comes with OS X. To create a Kerberos ticket using Terminal, open a session.

  • Enter the command kinit <netid>@UCONN.EDU
  • Enter your password when prompted
  • Enter the command klist to verify your ticket was created successfully, similar to the below screen

 

Creating the Database Tunnel

Terminal Method
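
For Terminal users, the tunnel settings listed in the PUTTY section of this page (local port 1521 or 152X, remote port 1521, dbserver01 for production and dbserver02 for non-production) translate to an OpenSSH port forward. The script below is an added example, not part of the original instructions; the gateway hostname is a placeholder because the page does not give it, and the function names and the NetID character check are assumptions.

```shell
#!/bin/sh
# Added example: build the OpenSSH equivalent of the tunnel settings on this page.
# GATEWAY_HOST is a placeholder; the page does not give the gateway's hostname.
GATEWAY_HOST="${GATEWAY_HOST:-gateway.example.invalid}"

# db_host TARGET -> database server named on this page for that environment
db_host() {
    case "$1" in
        prod)    echo "dbserver01.uits.uconn.edu" ;;
        nonprod) echo "dbserver02.uits.uconn.edu" ;;
        *)       echo "unknown environment: $1" >&2; return 1 ;;
    esac
}

# tunnel_cmd NETID TARGET [LOCAL_PORT] -> prints the ssh command line
tunnel_cmd() {
    netid="$1"; target="$2"; lport="${3:-1521}"
    dest="$(db_host "$target")" || return 1
    # The page allows local port 1521, or 152X when several tunnels are open.
    case "$lport" in
        152[0-9]) ;;
        *) echo "local port must be 1521 or 152X: $lport" >&2; return 1 ;;
    esac
    # The printed line is meant to be pasted into a shell, so accept only
    # letters and digits (assumption about the NetID format).
    case "$netid" in
        ""|*[!A-Za-z0-9]*) echo "invalid NetID" >&2; return 1 ;;
    esac
    # -N: no remote shell, forwarding only.
    # 127.0.0.1: bind to loopback so other hosts cannot use the tunnel.
    # ExitOnForwardFailure: fail instead of running without the forward.
    # GSSAPIAuthentication: authenticate with the Kerberos ticket from kinit.
    echo "ssh -N -o GSSAPIAuthentication=yes -o ExitOnForwardFailure=yes" \
         "-L 127.0.0.1:${lport}:${dest}:1521 ${netid}@${GATEWAY_HOST}"
}

# Usage: sh tunnel.sh <netid> prod|nonprod [local_port]   (prints, does not connect)
if [ "$#" -ge 2 ]; then
    tunnel_cmd "$@"
fi
```

Obtain a ticket with kinit before running the printed command; database clients then connect to 127.0.0.1 on the chosen local port.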

Application Method

There are various GUI applications for creating SSH tunnels on OS X. SSH TUNNEL MANAGER and FUGU SSH are both supported.

SSH Tunnel Manager

FUGU SSH

 

 


Windows (Windows 7 and higher)

Ensure you have submitted a formal request for a UITS admin to add you to the UConn Gateway Server.

Configure MIT Kerberos for Windows

  • Download and install the latest MIT Kerberos for Windows - Use .msi if available
  • Choose "Typical Installation"
  • Once the client is installed, open it and choose "Get Ticket". Enter your <netid>@UCONN.EDU and password to create a ticket.

 

Configure PUTTY to create Tunnel(s)

PUTTY is an SSH client that can create secure tunnels into remote systems. It is used to create tunnels to the UCONN database servers via the Gateway Server.

  • Download the latest version of PUTTY for Windows
  • Choose the version "A Windows Installer for everything except PuttyTel" (you will need the PuttyGen tool)
  • Use the PUTTYGen tool to create an SSH key for your system (including moving your mouse when instructed to randomize the key)
  • Place a request to a UITS admin to grant you access to the Gateway server so you can create tunnels using a proxy
  • Set up a Saved Session with tunnels in PUTTY


  • Ensure your SSH settings are correct 
  • Expand the SSH tab
  • Configure the security settings for SSH version 2.


  • Configure GSSAPI settings as ENABLED for SSH-2


  • Configure your tunnels
  • Tunnels should use a local port of 1521, or 152(X) if you have multiple tunnels set up (ex: both dbserver01 and dbserver02). The remote port is 1521.
  • "destination" will be dbserver02.uits.uconn.edu for non-production systems and dbserver01.uits.uconn.edu for production
  • Once created, these tunnels should be saved in your PUTTY profile.


    Edit the Kerberos configuration file

    The Kerberos configuration file must include the settings for UCONN servers:
    [realms]
     UCONN.EDU = {
            kdc = kerberos.uconn.edu
            admin_server = kadmin.uconn.edu
     }


    On Windows, krb5.ini is located in a hidden directory, c:\ProgramData\MIT\Kerberos5.
    In Unix, the file is located in /etc.
    Create the file, or edit the existing one, and include the realms section.