I am using the new SSH tunnel feature of Toad 17, but I am wondering how I would tell that it is actually tunneling. There is 'SSH' in the Security column, and that connection does work. I am just wondering if there is some independent way to prove it is using an SSH tunnel.
Cheers,
Russ
Hi Russ,
How about this? Like PuTTY, you open the tunnel once and then any product can use it. It's the same for Toad. So make your connection using Toad's SSH option. Then go to SQL*Plus or an old version of Toad. You should be able to connect there too.
We added this functionality by means of a trusted 3rd party component for Delphi. I may have to pass your question on to them, to be honest.
-John
LOLs That would not help because I am testing this feature in an environment where we don't need it in anticipation of using it in one where we do. Any successful connection from another Toad or program can get there anyway. I need a way to prove that 17 is actually using the tunnel it is configured for.
Cheers,
Russ
Normally, the proof would be that a connection works where it did not without the tunnel. That is not the case here. I am testing where a connection DOES work without a tunnel.
Cheers,
Russ
I just sent you a private message.
Alright. I figured out a way to verify that it must be going over SSH. Using TNS Names, if I set entry's port to a value that differs from the local port in the SSH settings, I get an "ORA-12541: no listener" error. After setting the entry correctly for localhost with the SSH local port, the connection goes through. It is not exactly a proof that the security auditors would accept, but it seems to verify that as far as I am concerned.
Cheers,
Russ
Sounds good. Thanks for the follow up. I'll leave my question to the 3rd party vendor just to see what they come back with.
Answered here: https://support.devart.com/portal/en/community/topic/how-can-i-prove-that-a-ssh-connection-made-by-securebridege-odac-is-actually-ssh
LOLs His answer is correct but not helpful for those who are not permitted packet analyzers in client or server.
Cheers,
Russ