Oracle Cloud Infrastructure Documentation

Creating a Port Forwarding Session in Bastion

Create a port forwarding session.

You must have the following information about the target resource you intend to create a session for:
  • Valid credentials to sign in to the target resource, such as operating system and database
  • One of the following:
    • The name and compartment of the target compute instance 
    • The IP address and port of the target resource

Ensure that you have the public key file of the SSH key pair that you plan to use to connect to the session. To learn more, see Managing Key Pairs on Linux Instances.

    1. Open the navigation menu and click Identity & Security. Click Bastion.
    2. Under List scope, select the compartment where you want to create a bastion session.
    3. Click the name of the bastion.
    4. Click Create session.
    5. Choose SSH port forwarding session to create an SSH tunnel to a specific port on the target resource.
      This type of session doesn't require an OpenSSH server or the Oracle Cloud Agent to run on the target resource, such as an Autonomous Database for Transaction Processing and Mixed Workloads database.
    6. Choose one of the following options:
      • Enter the IP Address of the target resource.
      • Select the target Compute instance name.

        If needed, change the compartment to find the instance. Only active instances are listed.

    7. Enter the port number you want to connect to on the target resource.
      Port numbers include the following examples:
      • SSH server on a Linux instance: 22 (default)
      • Remote Desktop Protocol (RDP) server on a Windows instance: 3389
      • Autonomous Database for Transaction Processing and Mixed Workloads database: 1521
      • MySQL DB System: 3306
    8. Enter a display name for the new session.

      Avoid entering any confidential information in this field.

    9. Under Add SSH key, provide the public key file of the SSH key pair that you want to use for the session.

      Later, when you connect to the session, you must provide the private key of the same SSH key pair.

    10. (Optional) To change the maximum amount of time that the session can remain active, click Show advanced options, and then enter a value for Maximum session time-to-live.

      Provide a value that's at least 30 minutes, but doesn't exceed the maximum TTL of the bastion. The default is 180 minutes or three hours.

      You can also delete a session before it expires.

    11. When you're finished, click Create session.

  • Use the oci bastion session create-port-forwarding command and required parameters to create a port forwarding session:

    oci bastion session create-port-forwarding --bastion-id <bastion_ocid> [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the CreateSession operation to create a port forwarding session.