Here are my thoughts on the new built-in SSH feature in Toad 17.0:
- It really does work once you get the configs correct. That being said...
- The feature is inadequately documented in the user guide.
- When using an SSH keys file, TOAD insists on looking for a '.pub' file even when the public key is inside the '.ppk' file, which is what PuttyGen does. Since TOAD can clearly find the correct keys, in either file, and USES them, it seems that it should not need a '.pub' file. I suspect the insistence on a '.pub' file comes before looking in the '.ppk' file to see if there is already a public key present. All you need to do is duplicate the '.ppk' to a '.pub' with the same name, and it will work. (This seems buggy to me.)
- The Local Port field of the SSH dialog is the port that TOAD connections will use to enter the SSH tunnel. All connections through an SSH tunnel will use a host of 'localhost' and a port of 'SSH Local Port'. The Remote Port field of the SSH dialog is the port of the Oracle Listener (often '1521').
- When using a TNS Names file, you must create supporting entries in the file BEFORE opening TOAD's connection dialog. (TOAD reads TNS Names each time it opens that dialog.) For SSH, these entries must have a host of 'localhost' and a port of your SSH Local Port (i.e., the local entrance to the SSH tunnel).
- When using the Direct tab of the Connection dialog, you must specify a Host field of 'localhost' and a Port field of 'SSH Local Port'.
- When SSH is configured for a connection, the lock icon on the SSH button is closed. Otherwise, it is open. Does this mean 'validly configured' or just 'all the fields filled in'?
- I like TOAD's ability to import an SSH configuration already defined into a new connection. This is good because setting up the first one was rather troublesome.
- You must be sure to specify a different SSH Local Port for every different server + Listener port combination you are going to connect to. TNS Names entries must reflect the correct SSH port. If you specify the same port for two target hosts, then the first one connected gets the Local Port. If you then try the second, it will detect the existing tunnel on that Local Port and use it. This should return an 'unknown service' Listener error, but if you have identical service names on multiple servers, then you could find yourself unwittingly connecting to a different database than you expected. (Always have unique service names across all your servers.)
- If you have multiple Listeners on a server OR a single Listener serving multiple protocols and ports, then you must have a different SSH Local Port for each combination. Since the Listener port is specified in the SSH configuration of a connection, you must have a unique SSH config for each. For example, we use TCP with ANO on port 2521 and TCPS with TLS on 2522, but we have a single Listener for the entire setup. For TOAD connections via SSH, we have to specify two different tunnel configurations, or TOAD will route a connection down the wrong tunnel. We must make sure that the port+protocol combination specified in TNS Names matches the Local Port and protocol of the targeted tunnel and Listener. (If I was not already well familiar with these things, I would have been at a loss to set this up using the information provided in the user guide.)
- It is not clear what the Test button in the SSH dialog is testing. Is it a TNS Ping through the tunnel, or is it just checking if it can create the tunnel?
- What happens when the last connection through a tunnel is closed? Does the tunnel stay open for a while or does TOAD close the tunnel immediately?

Cheers,
Russ
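
The Local Port rules in the post above can be checked before any connection is opened. This is an added example, not part of the original post and not Toad code: it audits a list of tunnel definitions against a tnsnames.ora. The tunnel list layout, the host names `dbhost-a`/`dbhost-b`, the local port numbers and the finding labels are assumptions made for illustration; Toad is not known to store its SSH settings in this form.

```python
import re
from collections import defaultdict

# Constructed sample: tunnels as entered in the SSH dialog (Local Port, target
# server, Listener port, Listener protocol). Hypothetical layout, not a Toad file.
TUNNELS = [
    {"local": 15211, "server": "dbhost-a", "remote": 2521, "proto": "TCP"},
    {"local": 15212, "server": "dbhost-a", "remote": 2522, "proto": "TCPS"},
    {"local": 15211, "server": "dbhost-b", "remote": 2521, "proto": "TCP"},  # reused
]

# Constructed tnsnames.ora content.
TNSNAMES = """
ORCL_A = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=15211))
  (CONNECT_DATA=(SERVICE_NAME=orcl)))
ORCL_A_TLS = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=15212))
  (CONNECT_DATA=(SERVICE_NAME=orcl)))
ORCL_B = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=15213))
  (CONNECT_DATA=(SERVICE_NAME=orcl)))
"""

# An entry runs from "ALIAS =" at the start of a line to the next such line.
ENTRY = re.compile(r"^(\w+)\s*=(.*?)(?=^\w+\s*=|\Z)", re.S | re.M)

def field(body, key):
    m = re.search(r"\(\s*%s\s*=\s*([^)\s]+)\s*\)" % key, body, re.I)
    return m.group(1) if m else None

def audit(tunnels, tnsnames):
    findings = []
    by_port = defaultdict(list)
    for t in tunnels:
        by_port[t["local"]].append(t)
    # One Local Port must lead to exactly one server + Listener port.
    for port, ts in sorted(by_port.items()):
        if len({(t["server"], t["remote"]) for t in ts}) > 1:
            findings.append(("LOCAL_PORT_REUSED", port))
    # Each tunnelled TNS entry must hit an existing tunnel with a matching protocol.
    for alias, body in ENTRY.findall(tnsnames):
        if (field(body, "HOST") or "").lower() not in ("localhost", "127.0.0.1"):
            continue  # not routed through a tunnel
        port, proto = int(field(body, "PORT")), field(body, "PROTOCOL").upper()
        if port not in by_port:
            findings.append(("NO_TUNNEL_FOR_ENTRY", alias))
        elif proto not in {t["proto"] for t in by_port[port]}:
            findings.append(("PROTOCOL_MISMATCH", alias))
    return findings
```

On the constructed input, all three aliases use the service name `orcl`, so the reused Local Port 15211 is exactly the case where a connection could silently land on the other server.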