Search code examples
mongodbgomgo

Connect from Go to remote Linux MongoDb (no auth)

Upon logging in to Linux box, no authentication is required to connect with MongoDB.

How to connect from Go code to such MongoDB instance? I need to SSH into Linux box using username and password, and then connect to MongoDB.

Tried below code but it throws: "no reachable servers"

From the command prompt, I am able to ping Linux machine IP address and my IDE can connect to internet as well.

    mongoDBDialInfo := &mgo.DialInfo{
        Addrs:    []string{"<LINUX_IP_ADDRESS>"},
        Timeout:  60 * time.Second,
        Database: "<MONGODB_DATABASE_NAME>",
        Username: "<LINUX_USERNAME>",
        Password: "<LINUX_PASSWORD>",
    }

    mongoSession, err := mgo.DialWithInfo(mongoDBDialInfo)
    if err != nil {
        log.Fatalf("CreateSession: %s\n", err)
    }
Solution

  • An ssh tunnel is a a viable, though sometimes tricky measure to protect a service.

    The tricky part is that the tunnel might collapse and you have little you can do when this happens, since the tunnel is created outside your application.

    However, for MongoDB, it additionally comes with some rather nasty side effects: You would need to fiddle a lot with settings and DNS to get a replica set up and running, let alone sharding.

    It would be better if you enabled authentication (it is not that hard) and TLS as well as proper security measures and then bind your MongoDB server to either 0.0.0.0 or the IP address you use to connect to the machine.

    Side note: Make sure you have a brute force blocker like fail2ban or denyhosts installed, configured to protect MongoDB and tested if you do so.

    If the sum of the above seems too complicated, you should think VERY thoroughly about wether you should not rather use a hosted MongoDB service like MongoDB Inc's Atlas or mLab.

    Nevertheless, here is how you can do it:

    $ ssh user@linuxhost -N -f -L 27017:127.0.0.1:27017
Password:

    Enter the password. The process will get into background, and you can check wether it is still running via

    $ ps ax | grep ssh

    This opens an ssh tunnel to the remote host, opening the port 27017 (the first port on the machine you run the command on, and tunnels it through the ssh connections to 127.0.0.1 (the localhost adress of the remote host) on port 27017.

    Now, you can simply set &mgo.DialInfo{Addrs:[]string{"127.0.0.1:27017"}}

    Note

    In case it was not clear by now: I strongly (!!!) advice against using an ssh tunnel. It makes creating a replicaset rather complicated and excludes sharding pretty much. Learn how to properly manage MongoDB. MongoDB University offers free courses, and they are pretty damn good.

    You. Have. Been. Warned.