How to use SSH2 port mapping to connect to the external network and manage the instance in the cloud database SQL Server?

SSH2 port mapping, also known as SSH tunneling, lets you open an encrypted SSH connection to a remote server and forward a port on your local machine through it to a port that the remote server can reach. This is particularly useful for accessing services, such as SQL Server on a cloud database instance, that are not directly exposed to the external network.

How SSH2 Port Mapping Works:

  1. Establish an SSH Connection: You connect to a bastion host or a jump server that has access to the cloud database instance.
  2. Forward Local Ports: You configure the SSH client to forward a local port on your machine, through that host, to a port on the database instance (e.g., the SQL Server port).
  3. Access the Remote Service: You can then access the remote service (e.g., SQL Server) as if it were running locally on your machine.

Steps to Use SSH2 Port Mapping to Connect to SQL Server in the Cloud:

  1. Set Up SSH Access: Ensure you have SSH access to a bastion host or a jump server that can reach your cloud database instance.
  2. Configure SSH Tunneling:
    • On Linux or macOS, use the ssh command with the -L option to forward ports. For example:
      ssh -L 1433:your-sql-server-private-ip:1433 user@bastion-host
      
      This command forwards your local port 1433 to the SQL Server's port 1433 on the private IP of your cloud database instance.
    • On Windows, you can use tools like PuTTY to set up SSH tunneling. In PuTTY, go to Connection > SSH > Tunnels, and add a new forwarded port (e.g., source port 1433, destination your-sql-server-private-ip:1433).
  3. Connect to SQL Server:
    • Once the SSH tunnel is established, you can connect to the SQL Server using a local client (e.g., SQL Server Management Studio) by specifying localhost as the server name and 1433 as the port.

Example:

Suppose your SQL Server instance is running on a private IP 10.0.0.5 in the cloud, and you have a bastion host with the public IP 203.0.113.1. You can set up an SSH tunnel as follows:

ssh -L 1433:10.0.0.5:1433 user@203.0.113.1

After the tunnel is established, you can connect to the SQL Server using localhost and port 1433 in your SQL client.
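
The following is an added example, not part of the original page: it builds the tunnel command for the addresses above with the local end pinned to 127.0.0.1, then checks `ss -ltn` style output to confirm the forwarded port is not listening on a non-loopback interface. The function names and the sample listener rows are constructed for illustration; `-N` and `ExitOnForwardFailure` are standard OpenSSH options that the page's command does not use.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# build_tunnel_cmd LOCAL_PORT DB_HOST DB_PORT BASTION
# Prints an ssh command that binds the forward to 127.0.0.1 only, opens no
# remote shell (-N) and exits if the local port cannot be bound.
build_tunnel_cmd() {
    lport=$1 dbhost=$2 dbport=$3 bastion=$4
    for p in "$lport" "$dbport"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] ||
            { echo "port out of range: $p" >&2; return 1; }
    done
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$lport" "$dbhost" "$dbport" "$bastion"
}

# audit_listener PORT   (reads `ss -ltn` style rows on stdin)
# Prints "loopback" if every listener on PORT is bound to 127.0.0.1 or [::1],
# "exposed" if any is bound to another address, "absent" if there is none.
audit_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END { print (!found ? "absent" : (exposed ? "exposed" : "loopback")) }
    '
}

# Constructed `ss -ltn` rows: tunnel bound to loopback, sshd on all interfaces.
SAMPLE_OK='LISTEN 0 128 127.0.0.1:1433 0.0.0.0:*
LISTEN 0 128 [::1]:1433 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
# Constructed row: the forward was bound to the wildcard address instead.
SAMPLE_BAD='LISTEN 0 128 0.0.0.0:1433 0.0.0.0:*'

build_tunnel_cmd 1433 10.0.0.5 1433 user@203.0.113.1
printf '%s\n' "$SAMPLE_OK"  | audit_listener 1433
printf '%s\n' "$SAMPLE_BAD" | audit_listener 1433
```

On a live workstation, pipe the listener table into the check with `ss -ltn | audit_listener 1433`; a result of "exposed" means other hosts on your network can reach the database through your tunnel.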

Using Tencent Cloud Services:

Tencent Cloud provides a secure and scalable environment for hosting SQL Server instances. To enhance security, you can use Tencent Cloud's VPC (Virtual Private Cloud) to isolate your database instance and SSH Bastion Host to securely manage access. Additionally, Tencent Cloud's Security Groups can be configured to restrict access to the SQL Server instance, ensuring that only authorized SSH connections can forward ports.

By leveraging SSH2 port mapping and Tencent Cloud's security features, you can securely manage and access your SQL Server instance in the cloud.