Error while connecting MongoDB Atlas thru SSH tunnel from window local machine

Anurag_Agni · January 7, 2024, 10:24am

Error while connecting MongoDB Atlas thru SSH tunnel from window local machine via bastion

Need to connect Mongo Atlas from local window machine. VPC peering already established .Able to connect main atlas string from bastion

Getting error while connecting from local window bastion thru ssh tunnel [bastion]

ETIMEDOUT 34.143.170.137:27017

Bastion Ip: 34.124.229.3
mongosh “mongodb+srv://nfc-cluster-pri.4heqo.mongodb.net/” --apiVersion 1 --username anuragagnihotri => Atlas String=>
Individual Node:
atlas-luwprw-shard-00-00.4heqo.mongodb.net:27017
atlas-luwprw-shard-00-01.4heqo.mongodb.net:27017
atlas-luwprw-shard-00-02.4heqo.mongodb.net:27017

[root@bast ssh]# grep AllowTcpForwarding sshd_config
AllowTcpForwarding yes

AllowTcpForwarding no

[root@bast ssh]#

/etc/hosts entry

127.0.0.1 atlas-luwprw-shard-00-00.4heqo.mongodb.net

???
from window command prompt -
C:\Users\2293940>putty -L 27017:atlas-luwprw-shard-00-00.4heqo.mongodb.net:27017 anurag@34.124.229.3 -i anurag.ppk

C:\Users\2293940>mongosh mongodb://atlas-luwprw-shard-00-00.4heqo.mongodb.net:27017 --tls --authenticationDatabase admin --username anuragagnihotri password
Enter password: ********
Current Mongosh Log ID: 659a75e115619ced907900af
Connecting to: mongodb://@atlas-luwprw-shard-00-00.4heqo.mongodb.net:27017/?directConnection=true&tls=true&authSource=admin&appName=mongosh+1.8.2
MongoServerSelectionError: connect ETIMEDOUT 34.143.170.137:27017

C:\Users\2293940>

Anurag_Agni · January 7, 2024, 10:26am

Hi

Already tried below steps , but did not works

Connecting Atlas cluster by manually creating SSH tunnel

Execute the following command on the machine from which you want to connect to your Atlas cluster:

ssh -i -N -L :: ec2-user@

Even though the SSH tunnel has been created, you cannot connect to Atlas cluster by specifying localhost in mongo shell, because SSL certificates are validated against the Atlas host name. To fix this, navigate to your /etc/hosts file and point ATLAS HOSTNAME to 127.0.0.1 :

127.0.0.1 <ATLAS HOSTNAME>

After this you can use any client to connect to the MongoDB Atlas cluster node:

mongosh mongodb://<ATLAS HOSTNAME>:<ssh tunnel port> --tls --authenticationDatabase admin --username <database username> --password

Regards
Anurag

chris · January 7, 2024, 9:58pm

Hi @Anurag_Agni

MongoDB Compass can correctly ssh tunnel.

To achieve this without MongoDB Compass a ssh dynamic forwarding can be used along with the proxyHost and proxyPort uri options with mongosh.

# run ssh with dynamic forwarding on localhost:3000
ssh -D 3000 bastion-host.com

mongosh "mongodb://username:ecurepassword@protectedhost.net/?proxyHost=localhost&proxyPort=3000"

Anurag_Agni · January 8, 2024, 12:24pm

Hi @chris
Thanks for your valuable guidance . Much appreciated. I will test you steps.

I have made entry of individual node in C:\Windows\System32\drivers\etc\hosts file and added bastion ip entry in access list [atlas] ,After that i am able to access individual node from local machine to atlas [thru bastion host via ssh tunneling]

Thanks
Anurag