Description
The following instructions describe setting up a secure tunnel via SSH to the internal UCONN databases. There are multiple connection methods described below. Please follow the method best suited for your operating system and configuration.
MAC OS X ("Mountain" Lion 10.8 or Higher)
Configure SSH Access:
Please follow these instructions to configure Mac OS X to work properly with UCONN's SSH requirements.
Acquire Kerberos Ticket:
Getting a Kerberos Ticket using Ticket Viewer app
Ticket Viewer is a Kerberos GUI application included in OS X. It can be found under /System/Library/CoreServices, and a shortcut to it can be created (desktop or taskbar).
Once Ticket Viewer is open, choose Add Identity and enter your <netid>@UCONN.EDU and then your password to save the "ticket" into Ticket Viewer. Tickets can then be created/destroyed using the "arrow" and "X" icons under the identity name.
Getting a Kerberos Ticket through the Terminal
Terminal is the basic command line application that comes with OS X. To create a Kerberos ticket using Terminal open a session.
- Enter the command kinit <netid>@UCONN.EDU
- Enter your password when prompted
- Enter the command klist to verify your ticket was created successfully, similar to the below screen
Creating the Database Tunnel
- Get a Kerberos ticket by using either the Terminal or the Ticket Viewer GUI
- If you want to connect to pre-production databases (DEV, TST, SUP), type:
  ssh -fNL 1521:dbserver02.uits.uconn.edu:1521 <yournetid>@gateway.uits.uconn.edu
- Or, if you want to connect to production databases (PRD, UAT), type:
  ssh -fNL 1521:dbserver01.uits.uconn.edu:1521 <yournetid>@gateway.uits.uconn.edu
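A wrapper for the Mac OS X tunnel steps above, as an added example that is not UCONN's own tooling: it refuses to start without a valid Kerberos ticket, binds the forward to loopback explicitly, and uses a control socket so the backgrounded tunnel can be closed afterwards. The gateway name and host mapping are from this page; the function names and the control-socket path are assumptions.

```sh
#!/bin/sh
# Added example (not UCONN's tooling): opens and closes the page's database tunnel.
GATEWAY="gateway.uits.uconn.edu"        # gateway host from the page
CTL_SOCK="${HOME}/.ssh/dbtunnel.ctl"    # hypothetical control-socket path

# Map an environment name to the -L forward spec, using the page's host mapping.
forward_spec() {
    case "$1" in
        DEV|TST|SUP) fs_host="dbserver02.uits.uconn.edu" ;;  # pre-production
        PRD|UAT)     fs_host="dbserver01.uits.uconn.edu" ;;  # production
        *) echo "unknown environment: $1" >&2; return 1 ;;
    esac
    # Explicit 127.0.0.1 bind: the listener stays on loopback even if
    # GatewayPorts is enabled in the local ssh_config.
    echo "127.0.0.1:1521:${fs_host}:1521"
}

open_tunnel() {   # usage: open_tunnel <ENV> <netid>
    ot_spec=$(forward_spec "$1") || return 1
    [ -n "$2" ] || { echo "netid required" >&2; return 1; }
    # klist -s prints nothing and exits non-zero when no valid ticket is cached.
    if ! klist -s; then
        echo "no valid Kerberos ticket; run: kinit $2@UCONN.EDU" >&2
        return 1
    fi
    # ExitOnForwardFailure: fail instead of backgrounding a session whose
    # port forward could not be set up (e.g. 1521 already in use locally).
    # -M/-S: control socket so the backgrounded tunnel can be closed later.
    ssh -fN -M -S "$CTL_SOCK" -o ExitOnForwardFailure=yes \
        -L "$ot_spec" "$2@$GATEWAY"
}

close_tunnel() {  # usage: close_tunnel <netid>
    ssh -S "$CTL_SOCK" -O exit "$1@$GATEWAY"
}

case "${1:-}" in
    open)  open_tunnel "${2:-}" "${3:-}" ;;
    close) close_tunnel "${2:-}" ;;
esac
```

Saved as a script (the name dbtunnel.sh is hypothetical), it is run as `sh dbtunnel.sh open DEV <netid>` and later `sh dbtunnel.sh close <netid>`.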
Windows
Network Identity Manager / Putty Method:
- Download and install Putty from the Centrify website: http://www.centrify.com/resources/putty.asp
- Download and install the latest MIT Kerberos.
- Configure user account in Kerberos and create a ticket.
- Follow the instructions in the Centrify help document to configure Putty. The document is part of the download package.
- Start the Putty session from Start up -> Centrify -> Putty
- type 'gateway.uits.uconn.edu' into the hostname field
- select the Connection -> SSH -> Kerberos from the categories on the left hand side and enable "Attempt Kerberos Auth"
- Enter <netid>@UCONN.EDU in the Service Principal Name section.
- Under Auto-Login, select the third radio button - User name portion of user principal name
- <SET UP THE TUNNEL>
- Select the Sessions category from the left hand side
- Type a meaningful name such as 'gateway server' into the saved sessions text field
- click the save button
SSH shared keys / Putty Method:
http://www.howtoforge.com/ssh_key_based_logins_putty
- Download Putty: http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe and save it to somewhere where you can access it
- Download PuttyGen: http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe and save it to somewhere you can access it
- Run PuttyGen.exe
- click the 'Generate' button
- move the mouse around in the window until the progress bar is complete (puttygen uses this to make the key random, this isn't a joke)
- click the 'Save public key' button, and ignore the warning about the keyphrase (what do we click to ignore it?); save the file somewhere handy, name it 'public'
- click the 'Save private key' button, save the file in the same location as the public key, name it 'private'
- Send an email to Mitch and Jim with the subject 'putty public key' and attach the 'public' file that we saved two steps prior
- close 'PuttyGen.exe'
- open 'Putty.exe'
- type 'gateway.uits.uconn.edu' into the hostname field
- select the SSH -> Data from the categories on the left hand side
- type your netid (is this true for the gateway server?) into the 'Auto login user' field
- select SSH -> Auth from the categories on the left hand side
- click the 'Browse' button to the right of the 'Private key file for authentication' field
- Select the file named private that was saved in one of the previous steps
- <SET UP THE TUNNEL>
- Select the Sessions category from the left hand side
- Type a meaningful name such as 'gateway server' into the saved sessions text field
- click the save button
<SET UP THE TUNNEL> Putty
- In Putty, select Tunnels from the category list on the left hand side (Connection -> SSH -> Tunnels)
- In Source port, type 1521
- In Destination, type one of:
  dbserver02.uits.uconn.edu:1521 (For non-production)
  dbserver01.uits.uconn.edu:1521 (For production)
- Click the 'Add' button
Usernames and passwords
For usernames and passwords please contact james.gedarovich@uconn.edu
Environment Connection Parameters
env | params |
---|---|
UAT_KFS, UAT_KR | Server: dbserver02.uits.uconn.edu:1521 SID: kfs40cf |
DEV_, DEV_ | |