
How can I connect to an AWS MSSQL database over an SSH tunnel, using node.js?

i'm trying to connect to a remote database that only allows connections through an ssh tunnel using node.js.

i'm scratching my head how to set this up using tunnel-ssh and mssql together, particularly what the source and destination ports should be. i've got something like this right now:

    require("dotenv").config()

    const sql = require("mssql")
    const tunnel = require("tunnel-ssh")

    const tnl = tunnel(
      {
        host: process.env.SSH_HOST,
        port: process.env.SSH_PORT,
        username: process.env.SSH_USER,
        privateKey: require("fs").readFileSync(process.env.SSH_KEYFILE_PATH),

        // more needed here?
      },
      (error, tnl) => {
        // stop here if the tunnel could not be set up
        if (error) return console.log(error)
        // the mssql module was required as `sql` above
        sql
          .connect(
            `mssql://${process.env.DB_USER}:${process.env.DB_PASS}@${process.env.DB_HOST}/${process.env.DB_NAME}`
          )
          // the tagged-template query returns a promise, so wait for it before logging
          .then(() => sql.query`SELECT * FROM INFORMATION_SCHEMA.TABLES`)
          .then(result => console.log(result))
          .catch(err => console.log(err))
      }
    )

at the moment tunnel-ssh is complaining with ConfigError: dstPort not set, but i'm not sure what the source and destination ports should actually be?

i've also tried using ssh2 instead of tunnel-ssh.

i want my ssh connection on the normal port (22) and my database is listening for connections on port 1433.

how does this map onto source and destinations?


UPDATE: aha. i've managed to get this working using the command line ssh client.

a bit more info: i'm connecting to an aws rds instance through a bastion jump box.

now, i only vaguely understand what those words mean, but i've managed to get an ssh tunnel working using a command like this:

    ssh -f -N -L 1433:my-db.1234566.eu-west-2.rds.amazonaws.com:1433 ec2-user@bastion.ec2.ip.here -v

how might i convert this command into the format that tunnel-ssh expects?

I think you are misunderstanding the nature of the SSH tunnel. The point of it is to map a port on your system to a remote port on another system. So any connections done on the local port will be forwarded to the destination port on the remote server.

Here are example configurations for it on their repository.

> i want my ssh connection on the normal port (22) and my database is listening for connections on port 1433.

Well, you can...

    var config = {
      username:'root',
      password:'secret',
      host:sshServer,
      port:22,
      dstHost:destinationServer,
      dstPort:1433,
      localHost:'127.0.0.1',
      localPort:22
    };

But I believe it would be better suited if you just use the same port as your database one (1433). Keep in mind your MSSQL client will have to connect on port 22 and localhost. Any other connection to localhost:22 will end up at the MSSQL database service.

Some explanation of the ports:

port: The port where the remote SSH server is running.

localPort: The local port that will forward the connection to the remote port.

dstPort: The remote port where the connection will end.

Alternatively, the same can be done with a SSH client on your OS:

    ssh -L 22:localhost:1433 yourSSHhost

Which would let you connect on localhost port 22 to your MSSQL server.

Update

With this tunnel:

    ssh -f -N -L 1433:my-db.1234566.eu-west-2.rds.amazonaws.com:1433 ec2-user@bastion.ec2.ip.here -v

You could do it like this with the tunnel-ssh library:

Would be:

    var config = {
      username:"ec2-user",
      password:"yourpasswordhere",
      host:"bastion.ec2.ip.here",
      port:22,
      dstHost:"my-db.1234566.eu-west-2.rds.amazonaws.com",
      dstPort:1433,
      localHost:"127.0.0.1",
      localPort:1433
    };

You do need to set up the user and privateKey (+ passphrase if you have one) or the password if not using SSH keys.
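As an added example (not part of the original question or answer), this function translates an `ssh -L` command like the one in the question into the config fields the answer lists. The function names are hypothetical; it assumes the separated option forms shown on this page and hostnames or IPv4 addresses, and `isLoopbackOnly` flags a bind address that would expose the forwarded database port beyond the local machine.

```javascript
// Added example, not from the original answer. Field names follow the answer's config object.
const NO_VALUE_FLAGS = new Set(["-f", "-N", "-v"]);

function parsePort(text, what) {
  const n = /^\d+$/.test(text || "") ? Number(text) : NaN;
  if (!(n >= 1 && n <= 65535)) throw new Error(`invalid ${what}: ${text}`);
  return n;
}

// Accepts only the separated option forms used on this page ("-L spec", not "-Lspec" or "-fN").
function sshCommandToTunnelConfig(command) {
  const args = command.trim().split(/\s+/);
  if (args.shift() !== "ssh") throw new Error("expected an ssh command");
  const config = { port: 22, localHost: "127.0.0.1" }; // ssh defaults: port 22, loopback bind
  let forward, target;
  for (let i = 0; i < args.length; i++) {
    const arg = args[i];
    if (arg === "-L") forward = args[++i];
    else if (arg === "-p") config.port = parsePort(args[++i], "SSH port");
    else if (arg === "-l") config.username = args[++i];
    else if (NO_VALUE_FLAGS.has(arg)) continue;
    else if (arg.startsWith("-")) throw new Error(`unsupported option: ${arg}`);
    else if (target === undefined) target = arg;
    else throw new Error(`unexpected argument: ${arg}`);
  }
  if (!forward || !target) throw new Error("need both -L <spec> and a destination");
  // -L [bind_address:]port:host:hostport (hostnames or IPv4 only; no bracketed IPv6 here)
  const parts = forward.split(":");
  if (parts.length !== 3 && parts.length !== 4) throw new Error(`bad -L spec: ${forward}`);
  if (parts.length === 4) {
    const bind = parts.shift(); // empty or "*" makes ssh listen on every interface
    config.localHost = bind === "" || bind === "*" ? "0.0.0.0" : bind;
  }
  config.localPort = parsePort(parts[0], "local port");
  config.dstHost = parts[1];
  config.dstPort = parsePort(parts[2], "destination port");
  if (!config.dstHost) throw new Error(`bad -L spec: ${forward}`);
  // Destination is [user@]host.
  const at = target.lastIndexOf("@");
  if (at >= 0) config.username = target.slice(0, at);
  config.host = target.slice(at + 1);
  return config;
}

// True when the forwarded database port is reachable only from this machine.
function isLoopbackOnly(config) {
  return config.localHost === "127.0.0.1" || config.localHost === "localhost";
}
```

Passing the question's command returns the same host, port, dstHost, dstPort, localHost and localPort values as the answer's second config; authentication (privateKey or password) still has to be added separately.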
