Unable To Connect to Source Database Using Reverse SSH

Issue

While using the reverse SSH tunnel connection method, connector setup tests fail before reaching the Connecting to Database Test.

Environment

• All database connectors.
• Connection method: Reverse SSH tunnel

Resolution

To resolve the issue, do the following:

1. Ensure the following autossh command is configured correctly, replacing all placeholders with the relevant values:

   autossh -M 0 -f -N -R <SSH_HIGH_PORT>:<LOCAL_DB_MACHINE_NAME_OR_IP>:<LOCAL_DB_MACHINE_PORT> <FIVETRAN_SSH_USERNAME>@<FIVETRAN_SUPPLIED_IP> -g -i <PATH_TO_PRIVATE_KEY> -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o ExitOnForwardFailure=yes  
   

2. Ensure you have provided the correct details in the connector's setup form.

   i. In Fivetran, go to your database connector page.

   ii. Select the Setup tab.

   iii. Click Edit connection.

   iv. In the Tunnel Host field, enter the IP address we provided you.

   v. In the Tunnel Port field, enter 22.

   vi. In the Host field, enter localhost or 127.0.0.1.

   vii. In the Port field, enter your SSH high port number.

3. Ensure you can connect to the Fivetran tunnel host from your tunnel host.

   i. Run the following command, replacing all placeholders with the relevant values:

   ssh <FIVETRAN_SSH_USERNAME>@<FIVETRAN_SUPPLIED_IP> -i <PATH_TO_PRIVATE_KEY>  
   

   ii. If prompted, approve the fingerprint.

   iii. If the connection times out, check that outbound connections on port 22 are allowed in your tunnel host's security settings.

4. Ensure you can connect to your database host from your tunnel host.

   i. Run the following command:

   telnet <LOCAL_DB_MACHINE_NAME_OR_IP> <LOCAL_DB_MACHINE_PORT>  
   

   ii. If the connection times out, ensure that your tunnel host allows outbound connections on the port used by your database and that your database host allows inbound connections on the same port.

Cause

This issue may occur for any of the following reasons:

• Incorrect or invalid values in the connector's setup form.
• The Fivetran tunnel host fingerprint wasn't approved on your tunnel host.
• Outbound connections are blocked by your tunnel host's security rules.
• Inbound connections are blocked by your database host's security rules.