Connecting Databases with FireDAC through SSH
A customer recently asked me if FireDAC can be used to connect to a database through an SSH tunnel. The short answer is yes, of course. But let’s understand better what is an SSH tunnel, and how this goal can be easily achieved when using Delphi and FireDAC. SSH Tunnels Secure Shell (ssh) is a standard tool included on most “network” operating systems i.e. Linux, UNIX, MacOS, and now also on Windows (natively speaking). If you had used PuTTY sometime in your life to connect to a remote command line interface, in general a Linux system, SSH was the protocol used for that. So the key thing here to use FireDAC via an SSH secure interface is to understand that FireDAC (or any other database access framework) has nothing to do with it. What you need is to establish a permanent SSH tunnel and then setup your database connection properly. We’ll see two ways to establish an SSH tunnel: one using an external tool (PuTTY) and the second one directly coded in your application. SSH Servers The aim of this article isn’t to teach how to create an SSH Server, but I had to create one to test my solution, so here is what I’m using. Basically I have a Linux VM running a PostgreSQL database (this is the database the customer would like to connect, but the solution is database agnostic), and over it I’ve installed and started an SSH Server following this tutorial: https://docs.oracle.com/cd/E37670_01/E41138/html/ch25s03.html This is for Oracle Linux (this is what I’m running due another proof of concept I had to do past week) but you’ll find similar tutorials for your preferred Linux flavor. Testing the Connection Before trying the connection from FireDAC, it’s a good idea to prove the connection using just command line tools that are integral part of the operation systems, so you have an idea if things are working or not. So, having both the SSH Server and the database instance (PostgreSQL in my case) open and running on Linux, we can try a first connection from Windows using any SSH client terminal. Windows 10 has a native client since the 1809 “October Update”, but I’ll stick with PuTTY as this is a dominant utility for system admins. These are my Putty configurations. In the Session page you need to specify the server IP and the SSH port (22 is the default): And in the SSH/Tunnels configuration page you specify how the tunnel will be created: What this configuration is saying? Basically to create an SSH tunnel you have to specify the Source port (any available/not used port number you have in your system) and the Destination IP/Port (in this case the Linux server IP address and the Port where the PostgreSQL instance is listening – the 5432 is the default PostgreSQL port). Of course, the Source IP address will be always “localhost”, meaning your database connection will point to localhost/63333 and the tunnel will do the magic, sending the commands to the server and receiving back the results. Finally, opening the PuTTY connection and providing a valid Linux user and password (it’s recommended to create an specific user only for the SSH usage), you are going to see something similar to this below. Ugly, I know. You can test some Linux commands […]
