
Multiple SSH tunnel hops with DBeaver


Can DBeaver create two SSH tunnels and then connect to a database?

I have successfully created one SSH tunnel but not two.

I am trying to connect to an AWS RDS database via a Bastion host. The Bastion host only allows SSH access from my corporate IP range. This means that when I am in the office I can connect to the RDS from DBeaver just fine:

  1. My computer is in the allowed IP range
  2. DBeaver creates an SSH tunnel to a Bastion host in my VPC inside the AWS cloud
  3. DBeaver connects to the RDS database

The issue arises when I work from home. I would have to add a "zero" step to have an allowed IP address for the Bastion host connection:

  0. Connect to the machine inside the office

I have not yet managed to achieve this. Has anyone got an idea of how to do this?


Solution

  • Kudos to @erik258 for pointing me in the right direction.

    I have created an SSH tunnel between an office machine and the Bastion host. On the office machine, when I access http://localhost:<local_port> I am in effect communicating with the <RDS_endpoint> on port <remote_port>.

    Steps:

    1. Create an SSH tunnel from the office machine to the Bastion host. Source

    $ ssh -L <local_port>:<RDS_endpoint>:<remote_port> -i <path_to_ssh_key> ec2-user@<Bastion_host public IP>

    <local_port> - random port

    <remote_port> - port the RDS endpoint listens on (5432 for PostgreSQL)

    <RDS_endpoint> - endpoint specified on the AWS RDS page

    2. Create the DBeaver connection. In the "SSH" section specify your office machine. In the "Main" section, set "Host" as localhost, and "Port" as <local_port>.
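
A stricter form of step 1, as an added example that is not part of the original answer: it validates the placeholder values, binds the forward explicitly to 127.0.0.1 so only processes on the office machine (including DBeaver's own SSH session from step 2) can reach it, and makes ssh exit if the forward cannot be set up. The function names, the 1024 lower bound on the local port and the sample values in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Run on the office machine.
# Argument values are placeholders you supply.

# is_port N: true if N is a decimal integer in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_host H: plain DNS name or IPv4 literal. An empty value or a leading
# '-' is rejected so ssh can never read the value as an option.
is_host() {
    case "$1" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# check_tunnel LOCAL_PORT RDS_ENDPOINT REMOTE_PORT KEY_PATH BASTION_IP
check_tunnel() {
    { is_port "$1" && [ "$1" -ge 1024 ]; } ||
        { echo "local port must be 1024-65535" >&2; return 1; }
    is_host "$2" || { echo "bad RDS endpoint" >&2; return 1; }
    is_port "$3" || { echo "bad remote port" >&2; return 1; }
    case "$4" in ''|-*) echo "bad key path" >&2; return 1 ;; esac
    is_host "$5" || { echo "bad Bastion address" >&2; return 1; }
}

# forward_spec LOCAL_PORT RDS_ENDPOINT REMOTE_PORT
# Prints the -L argument with an explicit loopback bind address, so the
# forwarded port is not reachable from other hosts on the office network.
forward_spec() {
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# open_tunnel: same five arguments as check_tunnel.
# -N runs no remote command; ExitOnForwardFailure stops ssh if the local
# port cannot be bound; IdentitiesOnly offers only the key given with -i.
open_tunnel() {
    check_tunnel "$@" || return 1
    exec ssh -N \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=60 \
        -o IdentitiesOnly=yes \
        -L "$(forward_spec "$1" "$2" "$3")" \
        -i "$4" "ec2-user@$5"
}

# Usage: open_tunnel 15432 <RDS_endpoint> 5432 <path_to_ssh_key> <Bastion_host public IP>
```

Step 2 stays as written: DBeaver's SSH section points at the office machine, and "Host" localhost with "Port" <local_port> resolves to this loopback listener.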