
Re: ssh tunnel

From: Fabrizio <fabrizio.magni_at_mycontinent.com>
Date: Fri, 26 Aug 2005 11:46:44 +0200
Message-ID: <430ee505$0$29709$892e7fe2@authen.white.readfreenews.net>

> I'm playing around with tunneling sqlnet over ssh. I set up a tunnel on
> the client that forwards port 9521 to 1521 on the database server and
> can connect to the listener on local port 9521. I also know that once
> the connection is established by the listener, the connection gets
> handed off to a server process on a different port. Does that mean that
> all traffic after that point is not going through the tunnel?
>

Hi Chuck,
if you are using a dedicated server on a Unix machine, then the communication port between client and listener, on the server side, is always the listening port.

So ssh tunneling has no problems there.

But what about shared server?
(Below is a test to show that the communication is still encrypted.)

Just a test:

Two machines:
bremosdbls02 (client side)
breobsbsls01 (server side)

One DB: RMAN10G

one listener, listening on PORT 1529
default dispatcher for 10g.

tunneling opened with:

nohup ssh -f -g -L 1530:breobsbsls01.ras:1529 oracle10g@breobsbsls01.ras ping -i 100 breobsbsls01.ras

from bremosdbls02 (user oracle)

I connect via sqlplus to local port 1530 using the shared server

RMAN10G =
   (DESCRIPTION =
     (ADDRESS_LIST =
       (ADDRESS = (PROTOCOL = TCP)(HOST = bremosdbls02.ras)(PORT = 1530))
     )
     (CONNECT_DATA =
       (SERVICE_NAME = RMAN10GXDB)
       (SERVER=shared)
     )
   )

and check what happens via tcpdump (no one but me is connected to the DB):

sqlplus system/rman_10g_@rman10g

SQL*Plus: Release 10.2.0.1.0 - Production on Fri Aug 26 11:37:08 2005

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.1.0.4.0 - Production
With the Partitioning and Data Mining options

SQL> select * from v$circuit;

CIRCUIT  DISPATCH SERVER   WAITER   SADDR    STATUS           QUEUE
-------- -------- -------- -------- -------- ---------------- ----------------
  MESSAGE0   MESSAGE1   MESSAGE2   MESSAGE3   MESSAGES      BYTES     BREAKS
---------- ---------- ---------- ---------- ---------- ---------- ----------
PRESENTATION
PCIRCUIT

599FC18C 5AC6E140 5AC6E650 00       5AD46828 NORMAL           SERVER
         0          1          0          0         33       5066          0
TTC
00

ps -fe|grep sqlplus
oracle   16427 27367  0 11:41 pts/1    00:00:00 sqlplus
root     16791 14492  0 11:43 pts/3    00:00:00 grep sqlplus
You have new mail in /var/mail/root
bremosdbls02:~ # lsof -p 16427|grep ESTAB
sqlplus 16427 oracle 8u IPv4 4717301 TCP bremosdbls02.ras:32987->bremosdbls02.ras:rap-service (ESTABLISHED)
bremosdbls02:~ # grep rap-service /etc/services
rap-service     1530/tcp    # rap-service
rap-service     1530/udp    # rap-service

On the client side the connection is kept on port 1530.

While on the server side it is still on 1529:

lsof -p 20664|grep ESTAB
oracle  20664 oracle10g   15u  IPv4  339804982  TCP breobsbsls01.ras:coauthor->breobsbsls01.ras:8647 (ESTABLISHED)
oracle10g@breobsbsls01:~> grep coauthor /etc/services
coauthor        1529/tcp        # oracle
coauthor        1529/udp        # oracle


192.168.25.92 is breobsbsls01

As you can see below, all the packets are encrypted and tunneled over ssh.

tcpdump -vvv -A -t -XX -i eth0 src 192.168.25.92
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
IP (tos 0x8, ttl 63, id 47322, offset 0, flags [DF], length: 52) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: . [tcp sum ok] 2846929684:2846929684(0) ack 1544053150 win 12848 <nop,nop,timestamp 1371701225 1122327277>
IP (tos 0x8, ttl 63, id 47326, offset 0, flags [DF], length: 100) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 0:48(48) ack 1 win 12848 <nop,nop,timestamp 1371701225 1122327277>
IP (tos 0x8, ttl 63, id 47331, offset 0, flags [DF], length: 100) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 48:96(48) ack 289 win 12848 <nop,nop,timestamp 1371701225 1122327279>
IP (tos 0x8, ttl 63, id 47334, offset 0, flags [DF], length: 132) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 96:176(80) ack 577 win 12848 <nop,nop,timestamp 1371701225 1122327287>
IP (tos 0x8, ttl 63, id 47337, offset 0, flags [DF], length: 228) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 176:352(176) ack 769 win 12848 <nop,nop,timestamp 1371701226 1122327295>
IP (tos 0x8, ttl 63, id 47342, offset 0, flags [DF], length: 276) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 352:576(224) ack 865 win 12848 <nop,nop,timestamp 1371701227 1122327312>
IP (tos 0x8, ttl 63, id 47347, offset 0, flags [DF], length: 116) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 576:640(64) ack 977 win 12848 <nop,nop,timestamp 1371701228 1122327323>
IP (tos 0x8, ttl 63, id 47352, offset 0, flags [DF], length: 324) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 640:912(272) ack 1249 win 12848 <nop,nop,timestamp 1371701229 1122327336>
IP (tos 0x8, ttl 63, id 47357, offset 0, flags [DF], length: 644) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 912:1504(592) ack 2417 win 15184 <nop,nop,timestamp 1371701232 1122327364>
IP (tos 0x8, ttl 63, id 47362, offset 0, flags [DF], length: 228) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 1504:1680(176) ack 2497 win 15184 <nop,nop,timestamp 1371701232 1122327376>
IP (tos 0x8, ttl 63, id 47367, offset 0, flags [DF], length: 772) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 1680:2400(720) ack 2705 win 15184 <nop,nop,timestamp 1371701233 1122327391>
IP (tos 0x8, ttl 63, id 47372, offset 0, flags [DF], length: 228) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 2400:2576(176) ack 2769 win 15184 <nop,nop,timestamp 1371701234 1122327399>
IP (tos 0x8, ttl 63, id 47377, offset 0, flags [DF], length: 116) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 2576:2640(64) ack 2833 win 15184 <nop,nop,timestamp 1371701234 1122327405>
IP (tos 0x8, ttl 63, id 47382, offset 0, flags [DF], length: 228) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 2640:2816(176) ack 3057 win 15184 <nop,nop,timestamp 1371701234 1122327411>
IP (tos 0x8, ttl 63, id 47387, offset 0, flags [DF], length: 116) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 2816:2880(64) ack 3121 win 15184 <nop,nop,timestamp 1371701235 1122327420>
IP (tos 0x8, ttl 63, id 47392, offset 0, flags [DF], length: 260) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 2880:3088(208) ack 3409 win 15184 <nop,nop,timestamp 1371701235 1122327426>
IP (tos 0x8, ttl 63, id 47397, offset 0, flags [DF], length: 116) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 3088:3152(64) ack 3473 win 15184 <nop,nop,timestamp 1371701235 1122327430>
IP (tos 0x8, ttl 63, id 47402, offset 0, flags [DF], length: 420) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 3152:3520(368) ack 3729 win 15184 <nop,nop,timestamp 1371701236 1122327434>
IP (tos 0x8, ttl 63, id 47407, offset 0, flags [DF], length: 116) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 3520:3584(64) ack 3793 win 15184 <nop,nop,timestamp 1371701236 1122327441>
IP (tos 0x8, ttl 63, id 47412, offset 0, flags [DF], length: 116) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 3584:3648(64) ack 3889 win 15184 <nop,nop,timestamp 1371701236 1122327445>
IP (tos 0x8, ttl 63, id 47417, offset 0, flags [DF], length: 116) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 3648:3712(64) ack 3985 win 15184 <nop,nop,timestamp 1371701236 1122327449>
IP (tos 0x8, ttl 63, id 47576, offset 0, flags [DF], length: 1284) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 3712:4944(1232) ack 4193 win 15184 <nop,nop,timestamp 1371702269 1122332372>
IP (tos 0x8, ttl 63, id 47581, offset 0, flags [DF], length: 228) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 4944:5120(176) ack 4257 win 15184 <nop,nop,timestamp 1371702270 1122332383>
IP (tos 0x8, ttl 63, id 47586, offset 0, flags [DF], length: 116) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 5120:5184(64) ack 4321 win 15184 <nop,nop,timestamp 1371702270 1122332392>
24 packets captured
25 packets received by filter
0 packets dropped by kernel
You have new mail in /var/mail/root

-- 
Fabrizio Magni

fabrizio.magni_at_mycontinent.com

replace mycontinent with europe
Received on Fri Aug 26 2005 - 04:46:44 CDT
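
Added example, not part of the original post: a small checker that reads tcpdump header lines in the format shown above and reports any SQL*Net flow that crosses the wire outside the ssh session, either straight to the listener port or from another host to the forwarded port (which the -g option in the ssh command permits). The function names, the sample lines and the host otherhost.ras are constructed for illustration; the port numbers and service names are the ones from the post.

```python
import re

# Matches a `tcpdump -t` header line: "IP (...) src.port > dst.port: ..."
FLOW = re.compile(r"^IP .*?\)\s+(\S+)\.([\w-]+) > (\S+)\.([\w-]+):")
SSH = {"22", "ssh"}
LISTENER = {"1529", "coauthor"}    # listener port and its /etc/services name in the post
FORWARD = {"1530", "rap-service"}  # local end of the ssh -L forward in the post

def classify(line):
    """Return (verdict, src, dst) for a header line, or None for anything else."""
    m = FLOW.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport = m.groups()
    ports = {sport, dport}
    if ports & SSH:
        verdict = "tunnel"              # carried inside the ssh session
    elif src == dst:
        verdict = "local"               # client to tunnel entry on the same host
    elif ports & LISTENER:
        verdict = "cleartext-listener"  # SQL*Net straight to the listener, no tunnel
    elif ports & FORWARD:
        verdict = "cleartext-forward"   # another host using the forward (ssh -g allows it)
    else:
        verdict = "other"
    return verdict, src, dst

def audit(capture):
    """Count verdicts and collect every flow that crosses the wire unencrypted."""
    counts, findings = {}, []
    for line in capture.splitlines():
        result = classify(line)
        if result is None:
            continue                    # payload dump lines, summary lines
        counts[result[0]] = counts.get(result[0], 0) + 1
        if result[0].startswith("cleartext"):
            findings.append(result)
    return counts, findings

# Constructed sample in the post's tcpdump format; otherhost.ras is hypothetical.
SAMPLE = """\
IP (tos 0x8, ttl 63, id 1, offset 0, flags [DF], length: 100) breobsbsls01.ras.ssh > bremosdbls02.ras.32845: P 0:48(48) ack 1 win 12848
IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], length: 120) bremosdbls02.ras.32987 > bremosdbls02.ras.rap-service: P 1:69(68) ack 1 win 8192
IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], length: 120) otherhost.ras.40112 > bremosdbls02.ras.1530: P 1:69(68) ack 1 win 8192
IP (tos 0x0, ttl 64, id 4, offset 0, flags [DF], length: 120) bremosdbls02.ras.40200 > breobsbsls01.ras.coauthor: P 1:69(68) ack 1 win 8192
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run over a capture taken without the src filter, an empty findings list means every packet between the two hosts was either inside the ssh session or never left the client machine.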
