Oracle Cloud Infrastructure Documentation

Connecting to a Port Forwarding Session

Describes how to connect to a port forwarding session.

You can view steps to connect to a port forwarding session in the following scenarios:

Connect to the SSH Server on a Compute Instance

Before you begin, you must create a Port Forwarding session (also known as an SSH tunnel) to the SSH server on the instance , which by default is port 22.

  • You must have the private key file of the SSH key pair that you used to create the session.
  • The IP address of the machine must be in the CIDR block allowlist of the bastion that hosts the session.
  • The IP address of the bastion must be permitted to access the target resource. See Allowing Network Access From the Bastion.

You can use a port forwarding session to connect to instances that don't meet all requirements for a Managed SSH session.

  1. Open the navigation menu and click Identity & Security. Click Bastion.
  2. Under List scope, select the compartment where the bastion was created.
  3. Click the name of the bastion, and then, under Sessions, locate the session that you want to use to connect to the intended target resource.
  4. In the Actions menu for the session, click View SSH command.
  5. To copy the command, next to SSH command, click Copy, and then click Close.
  6. Use a text editor to replace <privateKey> with the path to the private key and <localPort> with the local port on the machine from which you want to connect to the bastion.

    You can use any available local port. The default SSH server port is 22.

  7. (Optional) Add the verbose (-v) option to the SSH command for detailed information about the connection.
    Note

    Don't use the -vv or -vvv options.
  8. Use a command line to issue the customized SSH command and connect to the bastion session.

    If your private key was created with a passphrase, you are prompted to enter it twice for a Dynamic Port Forwarding (SOCKS5) session.

    After creating a connection to a Dynamic Port Forwarding (SOCKS5) session, the process will not exit. Do not close the terminal.

    If you enabled verbose output (-v), the final message after a successful connection is:

    debug1: pledge: network
  9. Use an SSH client to connect to localhost (or 127.0.0.1) and the local port you specified, <localPort>.

    Provide the name of a valid user on the instance's operating system.

    ssh -i <privateKey> -p <localPort> <user>@localhost

    The default username on most platform images is opc. Example:

    ssh -i <privateKey> -p 8001 opc@localhost

    If your private key was created with a passphrase, you are prompted to enter it.

If you run into any problems, see Troubleshooting Bastion.

Connect to Windows Using the Remote Desktop Protocol (RDP)

Before you begin, you must create a Port Forwarding session (also known as an SSH tunnel) to the RDP port on the Windows instance , which by default is port 3389.

  • You must have the private key file of the SSH key pair that you used to create the session.
  • The IP address of the machine must be in the CIDR block allowlist of the bastion that hosts the session.
  • The IP address of the bastion must be permitted to access the target resource. See Allowing Network Access From the Bastion.

To create the SSH tunnel using PuTTY instead of OpenSSH (the ssh command), see Connect to Windows using RDP and PuTTY.

To connect to a Windows instance using an RDP client and a Port Forwarding session:

  1. Open the navigation menu and click Identity & Security. Click Bastion.
  2. Under List scope, select the compartment where the bastion was created.
  3. Click the name of the bastion, and then, under Sessions, locate the session that you want to use to connect to the intended target resource.
  4. In the Actions menu for the session, click View SSH command.
  5. To copy the command, next to SSH command, click Copy, and then click Close.
  6. Use a text editor to replace <privateKey> with the path to the private key and <localPort> with the local port on the machine from which you want to connect to the bastion.

    You can use any available local port. The default RDP server port is 3389.

  7. (Optional) Add the verbose (-v) option to the SSH command for detailed information about the connection.
    Note

    Don't use the -vv or -vvv options.
  8. Use a command line to issue the customized SSH command and connect to the bastion session.

    If you created a private key with a passphrase, you are prompted to enter it twice for a Port Forwarding session.

    After you create a connection to a Port Forwarding session, the process will not exit. Do not close the terminal.

    If you enabled verbose output (-v), the final message after a successful connection is:

    debug1: pledge: network
  9. Open an RDP client and connect to localhost (or 127.0.0.1) and the local port you specified, <localPort>.

    Provide the name of an existing user on the Windows instance.

If you run into any problems, see Troubleshooting Bastion.

Connect to Windows using RDP and PuTTY

Before you begin, you must create a Port Forwarding session (also known as an SSH tunnel) to the RDP port on the Windows instance , which by default is port 3389.

  • You must have the private key file of the SSH key pair that you used to create the session.
  • The IP address of the machine must be in the CIDR block allowlist of the bastion that hosts the session.
  • The IP address of the bastion must be permitted to access the target resource. See Allowing Network Access From the Bastion.

PuTTY is an open source SSH client for Windows. You must specify a private key file that is in PuTTY's proprietary format (.ppk). You can use the PuTTYgen tool to import and convert a key from OpenSSH format.

To connect to a Windows instance using PuTTY, an RDP client, and a Port Forwarding session:

  1. Open the navigation menu and click Identity & Security. Click Bastion.
  2. Under List scope, select the compartment where the bastion was created.
  3. Click the name of the bastion, and then, under Sessions, locate the session that you want to use to connect to the intended target resource.
  4. In the Actions menu for the session, click View SSH command.
  5. From the SSH command, copy the following information.
    • Bastion host name
    • Instance IP address (or DNS name) and port number

      You can only use the DNS name if DNS is enabled on the bastion.

    ssh -i <privateKey> -N -L <localPort>:<instanceIP>:<instancePort> -p 22 <bastionHost>
  6. Open PuTTY.
  7. On the Session page, update these settings.
    • Host Name - The bastion's host name
    • Port - 22
  8. From the Category panel, click SSH.
  9. Select the option Don't start a shell or command at all.
  10. From the Category panel, expand SSH, and then click Tunnels.
  11. Enter the following information.
    • Source port - You can use any available local port. The default RDP server port is 3389.
    • Destination - Enter the instance IP address (or DNS name) and port number, separated by a colon, <instanceIP>:<instancePort>. The default RDP server port is 3389.

      You can only use the DNS name if DNS is enabled on the bastion.

  12. Click Add.
  13. From the Category panel, expand SSH, and then click Auth.
  14. For Private key file for authentication, click Browse and select the private key file that you used to create the bastion.

    The .ppk file extension indicates that the private key is in PuTTY's proprietary format. Specify a key of this format when using PuTTY. You can use the PuTTYgen tool to import and convert a key from OpenSSH format.

  15. Click Open.

    A terminal opens with the message "Authenticating with public key." The process does not exit. Do not close the terminal.

    If your private key was created with a passphrase, you are prompted to enter the passphrase.

  16. Open an RDP client and connect to localhost (or 127.0.0.1) and the local port you specified, Source port.

    Provide the name of an existing user on the Windows instance.

If you run into any problems, see Troubleshooting Bastion.

Connect to an Autonomous Database for Transaction Processing and Mixed Workloads Database

Before you begin, you must create a Port Forwarding session (also known as an SSH tunnel) to the database port, which by default is port 1521.

  • You must have the private key file of the SSH key pair that you used to create the session.
  • The IP address of the machine must be in the CIDR block allowlist of the bastion that hosts the session.
  • The IP address of the bastion must be permitted to access the target resource. See Allowing Network Access From the Bastion.

To connect to an Oracle Database using a Port Forwarding session:

  1. Open the navigation menu and click Identity & Security. Click Bastion.
  2. Under List scope, select the compartment where the bastion was created.
  3. Click the name of the bastion, and then, under Sessions, locate the session that you want to use to connect to the intended target resource.
  4. In the Actions menu for the session, click View SSH command.
  5. To copy the command, next to SSH command, click Copy, and then click Close.
  6. Using a text editor, replace <privateKey> with the path to the private key and <localPort> with the local port on the machine from which you want to connect to the bastion.

    You can use any available local port. The default Oracle Database port is 1521.

  7. (Optional) Add the verbose (-v) option to the SSH command for detailed information about the connection.
    Note

    Don't use the -vv or -vvv options.
  8. Use a command line to issue the customized SSH command and connect to the bastion session.

    If you created a private key with a passphrase, you are prompted to enter it twice for a Port Forwarding session.

    After you create a connection to a Port Forwarding session, the process will not exit. Do not close the terminal.

    If you enabled verbose output (-v), the final message after a successful connection is:

    debug1: pledge: network
  9. Open a database client such as Oracle SQL*Plus or Oracle SQL Developer, and then connect to localhost (or 127.0.0.1) and the local port you specified, <localPort>.

    Provide the name and password of an existing user on the database.

If you run into any problems, see Troubleshooting Bastion.

Connect to a MySQL DB System

Before you begin, you must create a Port Forwarding session (also known as an SSH tunnel) to the database port, which by default is port 3306.

  • You must have the private key file of the SSH key pair that you used to create the session.
  • The IP address of the machine must be in the CIDR block allowlist of the bastion that hosts the session.
  • The IP address of the bastion must be permitted to access the target resource. See Allowing Network Access From the Bastion.

To connect to a MySQL DB System using a Port Forwarding session:

  1. Open the navigation menu and click Identity & Security. Click Bastion.
  2. Under List scope, select the compartment where the bastion was created.
  3. Click the name of the bastion, and then, under Sessions, locate the session that you want to use to connect to the intended target resource.
  4. In the Actions menu for the session, click View SSH command.
  5. To copy the command, next to SSH command, click Copy, and then click Close.
  6. Using a text editor, replace <privateKey> with the path to the private key and <localPort> with the local port on the machine from which you want to connect to the bastion.

    You can use any available local port. The default MySQL Heatwave port is 3306.

  7. (Optional) Add the verbose (-v) option to the SSH command for detailed information about the connection.
    Note

    Don't use the -vv or -vvv options.
  8. Use a command line to issue the customized SSH command and connect to the bastion session.

    If you created a private key with a passphrase, you are prompted to enter it twice for a Port Forwarding session.

    After you create a connection to a Port Forwarding session, the process will not exit. Do not close the terminal.

    If you enabled verbose output (-v), the final message after a successful connection is:

    debug1: pledge: network
  9. Open a database client such as MySQL Workbench and connect to localhost (or 127.0.0.1) and the local port you specified, <localPort>.

    Provide the name and password of an existing user on the database.

If you run into any problems, see Troubleshooting Bastion.