Problems to establish Oracle-Connection via VPN/SSH
anonymous
started a topic
almost 10 years ago
[This topic is migrated from our old forums. The original author name has been removed]
Dear forum members,
I am trying to configure a connection to an Oracle Database which resides behind a firewall and is only accessible via a Linux host to which I usually connect via SSH.
I found this post related to this topic.
http://confluence.dbvis.com/display/UG91/Using+an+SSH+Tunnel
The entire system is protected by a VPN to which I already connected before starting my attempt to connect to the SSH-host and subsequently to the Oracle database which resides on a different server.
However, it seems that already the first step, connecting to the SSH-host, fails. DBVis would say
"The authenticity of host XXX.XXX.XXX.XXX can't be established. RSA fingerprint is xxxxxxxxxxx . Are you sure
you want to continue connecting?" (Remark: IP and RSA fingerprint are cleared out).
DBVis then asks for the SSH-Host password again and fails to proceed.
I am 100% confident that the SSH-host is available at this time with those parameters as I am able to connect via putty to it.
Any idea how to overcome this?
Thanks in advance and best
Wuppi
Re: Problems to establish Oracle-Connection via VPN/SSH
Hi Wuppi,
Which version of DbVisualizer are you using?
I assume that you answer Yes to the first prompt about proceeding even though authenticity can't be established, right?
Are you using a Private Key File? If so, the second prompt is for the key file passphrase, not the SSH Userid password. May that be the issue?
If none of this helps, please open Tools->Debug Window and enable debugging for DbVisualizer. Then perform this operation again and include the debug output in your reply.
Best Regards,
Hans
anonymous
said
almost 10 years ago
[This reply is migrated from our old forums. The original author name has been removed]
Re: Problems to establish Oracle-Connection via VPN/SSH
Hi Hans,
I am using the latest Version DbVisualizer Pro 9.1.11.
By the way, I am trying to utilize the connection type Oracle Thin. I guess you need to know that.
No, I am just using standard SSH without keyfile but username/password and entered both into the fields for
the SSH connection.
Sure, I answered Yes to the question whether to proceed.
Maybe I just describe the scenario again.
I can establish via a VPN an SSH connection via putty to a Linux server. From this server, I can access
via OCI8 and PHP the Oracle database which is behind a firewall on a different server.
Here is the debugging output you requested:
INFO: Connecting to 10.202.1.40 port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
INFO: Local version string: SSH-2.0-JSCH-0.1.51
INFO: CheckCiphers: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (commented out)
INFO: aes256-cbc is not available.
INFO: aes192-cbc is not available.
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: diffie-hellman-group14-sha1 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
INFO: kex: server: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
INFO: kex: server: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added '10.202.1.40' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: password
INFO: Next authentication method: password
INFO: Disconnecting from 10.202.1.40 port 22
18:50:05 [DEBUG ExecutorRunner-pool-3-thread-1 G.?] Exception while establishing the SSH tunnel
com.jcraft.jsch.JSchException: SSH_MSG_DISCONNECT: 2 Too many authentication failures for eber001
at com.jcraft.jsch.Session.read(Session.java:987)
at com.jcraft.jsch.UserAuthPassword.start(UserAuthPassword.java:91)
at com.jcraft.jsch.Session.connect(Session.java:463)
at com.jcraft.jsch.Session.connect(Session.java:183)
at com.onseven.dbvis.N.H.?(Z:1874)
at com.onseven.dbvis.db.A.E.?(Z:2760)
at com.onseven.dbvis.db.A.D.execute(Z:808)
at com.onseven.dbvis.J.B.Y.?(Z:1386)
at com.onseven.dbvis.J.B.K.?(Z:1374)
at com.onseven.dbvis.J.B.K.doInBackground(Z:1521)
at javax.swing.SwingWorker$1.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at javax.swing.SwingWorker.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Your help is appreciated.
Thanks and have a great day.
Kind regards from Germany
Wuppi
Hans Bergsten
said
almost 10 years ago
[This reply is migrated from our old forums.]
Re: Problems to establish Oracle-Connection via VPN/SSH
Hi Wuppi,
Sorry, it seems like I missed the details about the network configuration. It looks like there may be too many nodes involved here to directly use SSH from the client where you run DbVisualizer to the database server, but I'm not sure I get the exact configuration.
Are you saying that the Linux server you can reach via VPN is also the SSH Host, or is there a different server involved that is acting as SSH Host? When trying to connect via SSH using DbVisualizer, do you have the VPN connection established? Which servers do you specify as SSH Host and Database Server?
Generally speaking, if you can setup an SSH tunnel externally and then connect DbVisualizer through the local port, you can also use the SSH functionality in DbVisualizer directly. Maybe the ssh command comparison in this User Guide page may help:
http://confluence.dbvis.com/display/UG91/Using+an+SSH+Tunnel
Also, the log indicates that the password you provide is not accepted. It may be as simple as that you enter an incorrect password, but it is hard to say without understanding if you are connecting to the appropriate servers.
Best Regards,
Hans
Edited by: Hans Bergsten on Nov 21, 2014 6:35 PM
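The reading of the debug output given in the reply above (the password is not accepted) can be checked mechanically against the JSch log posted earlier in the thread. The following is an added example, not part of the original posts or of DbVisualizer; the function names `triage` and `diagnose` are made up for this illustration, and the sample is a subset of the posted log lines.

```python
import re

# Constructed sample: lines copied from the JSch debug output quoted in the thread.
SAMPLE_LOG = """\
INFO: Connecting to 10.202.1.40 port 22
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
WARN: Permanently added '10.202.1.40' (RSA) to the list of known hosts.
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: password
INFO: Next authentication method: password
com.jcraft.jsch.JSchException: SSH_MSG_DISCONNECT: 2 Too many authentication failures for eber001
"""

def triage(log_text):
    """Summarise one JSch session log: negotiated algorithms, auth flow, failure."""
    r = {"negotiated": {}, "host_key_added": None, "offered": [],
         "tried": [], "disconnect": None}
    for line in log_text.splitlines():
        line = line.strip()
        if m := re.match(r"INFO: kex: (server->client|client->server) (\S+) (\S+) (\S+)", line):
            r["negotiated"][m[1]] = {"cipher": m[2], "mac": m[3], "compression": m[4]}
        elif m := re.match(r"WARN: Permanently added '([^']+)' \((\w+)\)", line):
            r["host_key_added"] = (m[1], m[2])  # key was trusted on first use
        elif m := re.match(r"INFO: Authentications that can continue: (\S+)", line):
            r["offered"].append(m[1].split(","))  # methods the server still allows
        elif m := re.match(r"INFO: Next authentication method: (\S+)", line):
            r["tried"].append(m[1])  # method the client attempts next
        elif m := re.search(r"SSH_MSG_DISCONNECT: (\d+) (.+)", line):
            r["disconnect"] = (int(m[1]), m[2])  # reason code and server message
    return r

def diagnose(r):
    """Turn the parsed fields into findings a reviewer can act on."""
    findings = []
    if r["host_key_added"]:
        findings.append("host key for %s (%s) was accepted on first use; "
                        "compare its fingerprint out of band" % r["host_key_added"])
    if r["disconnect"] and "authentication failures" in r["disconnect"][1]:
        findings.append("server closed the session after trying %s: %s"
                        % (" then ".join(r["tried"]), r["disconnect"][1]))
    return findings

if __name__ == "__main__":
    for finding in diagnose(triage(SAMPLE_LOG)):
        print("-", finding)
```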
anonymous
said
almost 10 years ago
[This reply is migrated from our old forums. The original author name has been removed] [Attachment has been removed.]
Re: Problems to establish Oracle-Connection via VPN/SSH
Hello Hans,
thanks for your reply.
Indeed my setup is a bit more complex. I attached a PDF which illustrates that in a bit more detail.
Of course, I connected to the VPN first before trying to access via DBVisualizer.
For security reasons, I do not have a direct access to the Oracle database server which is protected
inside the VPN behind a firewall/proxy. The only "hole" in the firewall to this database server is for the typical Oracle Port 1521 from a Linux-Application server to which I can access via SSH.
This login attempt is part of the debugging protocol which I sent in my last post.
I hope this clarifies a bit more.
I am looking forward to your response.
Kind regards
Wuppi
Hans Bergsten
said
almost 10 years ago
[This reply is migrated from our old forums.]
Re: Problems to establish Oracle-Connection via VPN/SSH
Hi Wuppi,
Thanks for the clarification. The setup looks pretty standard, even though I'm still not really sure how the VPN works here since you show all clients and servers as being included.
Anyway, going back to the log and what you said earlier about your DbVisualizer connection setup. First, the log shows that the password you provide is not accepted, but you also say (in your first post) that you are getting prompted for the SSH password even though (according to your second post) you have already entered the SSH password in the connection tab field. Is that still the case? If you have entered the password in the field, you should not be prompted for it.
To get any further, please let us know exactly what you have entered in all the connection tab fields (you can use the names from your PDF instead of IP addresses or real DNS names, if you like) and what prompts you see and how you answer them.
Best Regards,
Hans
anonymous
said
almost 10 years ago
[This reply is migrated from our old forums. The original author name has been removed]
Re: Problems to establish Oracle-Connection via VPN/SSH
Hi Hans,
thank you for your reply. Here is the even more detailed information with reference to the overview PDF terms.
Database Connection: XYZ
Connection
=========
Name: XYZ-Test
Database Type: Auto Detect
Driver(JDBC) Oracle Thin
Connection Type Service
Database Server (symbolic URL of Oracle database server)
Database Port 1521
Service (Service Description)
Authentication
============
Database Userid (database userid, accessible from SSH-Server to Oracle DB-Server)
Database Password XXXXXX
Use SSH-Tunnel: Yes
==================
SSH-Host 10.202.1.40 (IP of SSH-Server)
SSH-Port 22
SSH-Userid XXXX (Userid for SSH-access on Linux SSH-Server)
SSH-Password XXXX (Password for SSH-access on Linux SSH-Server) (This includes a hash # in it!)
Private Key File (Empty)
Options:
======
Auto-Commit: YES
Save Database Password Save between Sessions
Permission Mode Development
SYS Role (Empty)
Clicking on Connect, the Warning appears:
The authenticity of host '10.202.1.40' can't be established. RSA key fingerprint is XXXXXX.
Are you sure you want to continue connecting?
Yes / No (I am clicking on Yes)
The resulting Connection Message is:
An error occurred while establishing the SSH tunnel:
Long Message:
timeout in wating for rekeying process.
Details:
Type: com.jcraft.jsch.JSchException
Stack Trace:
com.jcraft.jsch.JSchException: timeout in wating for rekeying process.
at com.jcraft.jsch.Session.write(Session.java:1330)
at com.jcraft.jsch.Session.send_newkeys(Session.java:685)
at com.jcraft.jsch.Session.connect(Session.java:348)
at com.jcraft.jsch.Session.connect(Session.java:183)
at com.onseven.dbvis.N.H.ā(Z:1874)
at com.onseven.dbvis.db.A.E.į(Z:2760)
at com.onseven.dbvis.db.A.D.execute(Z:808)
at com.onseven.dbvis.J.B.Y.ā(Z:1386)
at com.onseven.dbvis.J.B.K.Ă(Z:1374)
at com.onseven.dbvis.J.B.K.doInBackground(Z:1521)
at javax.swing.SwingWorker$1.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at javax.swing.SwingWorker.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Does that help you any further?
Please note that I can use putty at any time to connect to that server with exactly the above parameters via SSH.
Kind regards and best
Wuppi
Hans Bergsten
said
almost 10 years ago
[This reply is migrated from our old forums.]
Re: Problems to establish Oracle-Connection via VPN/SSH
Hi Wuppi,
Everything looks correct, and the debug output still is the same as I get when I use an incorrect SSH password. Have you tried reentering it? Maybe a sysadmin for the SSH server can see something more in the server logs?
Best Regards,
Hans
anonymous
said
almost 10 years ago
[This reply is migrated from our old forums. The original author name has been removed]
Re: Problems to establish Oracle-Connection via VPN/SSH
I am using Wasel Pro VPN service provider http://www.bestcheapvpnservice.com/cheap-vpn-providers/ on my laptop with easy use and simple interface to get through blocking easily and browse the web freely with high speed and unlimited bandwidth using VPN over SSH service enabling you to bypass firewalls everywhere.
Edited by: mandella on Jan 26, 2015 1:02 AM
anonymous
said
almost 10 years ago
[This reply is migrated from our old forums. The original author name has been removed]
Re: Problems to establish Oracle-Connection via VPN/SSH
Hello Mandella,
unfortunately I have no influence over the VPN service that is used.
Best regards
Wuppi