asked on
SSH tunnel connection alternative
Hi
I have an oracle server in SITE A DMZ and RHEL server has only private IP address for security purposes.
Firewall is open for customer IP range in SITE B.
Users in remote external Site B need to connect via SQL client tool (developer) to SITE A server.
Currently connection is cumbersome and requires to configure and uses an SSH tunnel to WEB SERVER in SITE A and then jump to DB server.
The connection requires a public/private key authentication.
It requires also oracle client software and putty and creating connection string in TNSNAMES.ORA.
Questions:
1) Is it possible to do automated password authentication using putty instead of private key or not?
It does not seem putty can store passwords in connection profiles.
2) Is there a better easier alternative connection method to DB server other than SSH tunnel? Security refused to assign public IP to DB server.
If so, once configured it should be possible for the developer to connect to the database server directly
You do not need to store a password in the connection profile when you use public key authentication. The public key from the developer needs to be stored in ~/.ssh/authorized_keys on server A to enable the automatic connection. The private key would need to be loaded by the developer once (and supply their private key password), you can use Pagent for this (Pagent = PuTTY Agent).
ASKER
problem is that for this DB connection over SSH tunnel, it would not work using password authentication.
The unix account must be "nologin" prompt and it has to jump connection to DB server.
VPN is not an option.
I have to look at Kitty. I am not sure if this will work and can be work and whether it is certified/approved software for windows machines by security.
And use plain access IP between the systems involved.
This should be configured ONCE on both sites firewalls.
It's been suggested. Evidentially VPN isn't a option
sorry missed your comment when scrolling down earlier.
https://www.9bis.net/kitty/#!index.md