About MCaaS
Tunnel Jumphost Mongo_Atlas
Putty Method (preferred method)
Set up Putty to tunnel through your tenant Jumphost
-
Put your current Jumphost IP in the Hostname section
-
In the Connection section, put 120 as the keepalive time to ensure that you aren’t disconnected due to idle timeout
-
In Connection->Data, put your SNA under username so it is automatically used for the jumphost connection
-
In Connection->SSH check the Don’t start a shell or command at all box
-
In Connection->SSH->Auth menu, link to your private key (in ppk format)
-
In Connection->SSH-Tunnels, you want to add a tunnel for each mongo-atlas db you’d like to connect to. To add a mongo-atlas db input the following:
a. Source Port: An arbitrary local port you want this database connection to map to. You’ll use this port later in the mongo tools. It can be any open port but it’s probably a good idea to have this be the same across your org to avoid confusion. For this example, local port 27017 is chosen.
b. Destination: The endpoint of the mongo-atlas write instance you’d like to connect to. This must be the full connection string of the database, including port. For example, for a dev db you would put something like pl-0-us-east-1.u9f4m.mongodbgov.net:1026. Please get the DNS name and write instance port from the mongo-atlas console. The mongo-atlas port can be 1024, 1025 or 1026.
c. Make sure the Local and Auto radio buttons are checked below
d. Click the Add button to add this mapping
e. Perform additional mappings for each mongo-atlas db, taking note of which ports you’re connecting to each db to avoid confusion. The below screenshot shows one db configuration for the above dev db before hitting the add button.
-
Once you’ve added all the dbs you want to, save this Putty config for later use
You’ll know if this Putty connection is successful if you open it and a window displays. It will not accept input at all but the window should stay open
Now you're ready to connect your db tools to the local tunnel you've created!
SSH tunnel Method
Set up SSH tunnel through your tenant Jumphost
-
Run the SSH tunnel command as follows in a separate window. Add a tunnel for each mongo-atlas db you’d like to connect to. To add a mongo-atlas db, input the following:
ssh -i <private_key> -NL <source_port>:pl-0-us-east-1.u9f4m.mongodbgov.net:1026 <jumphost_username>@<jumphost_ip>
Example: ssh -i "D:\My Drive\.ssh\id_rsa" -NL 9999:pl-0-us-east-1.u9f4m.mongodbgov.net:1026 bjoseph@10.185.65.61
a. Source Port: An arbitrary local port you want this database connection to map to. You’ll use this port later in the mongo tools. It can be any open port but it’s probably a good idea to have this be the same across your org to avoid confusion. For this example, local port 9999 is chosen.
b. Destination: The endpoint of the mongo-atlas write instance you’d like to connect to. This must be the full connection string of the database, including port. For example, for a dev db you would put something like pl-0-us-east-1.u9f4m.mongodbgov.net:1026.
c. Please get the DNS name and write instance port from the mongo-atlas console. The mongo-atlas port can be 1024, 1025 or 1026.
-
Run the SSH tunnel in a separate window.
-
Connect to mongo-atlas using mongo shell in another window. Here local port 27017 is used for tunneling.
./mongosh.exe "mongodb://<db_username>:<db_password>@localhost:<local_port>?authMechanism=default&tls=true&tlsInsecure=true"
Example ./mongosh.exe "mongodb://itdb-dev-1:<db_password>@localhost:27017?authMechanism=default&tls=true&tlsInsecure=true"
-
Close the window to close the tunnel once work is done.
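The three steps above (open the tunnel, run the tool, close the tunnel) as one bash function. This is an added example, not part of the original procedure: the function names and the unprivileged-port check are assumptions of the example, while the host, port and user values in the usage note come from the page's examples.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): open the tunnel, run one command
# through it, then close the tunnel. All function names are hypothetical.

# valid_port PORT LOW HIGH: succeeds if PORT is an integer in [LOW, HIGH].
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# forward_spec LOCAL_PORT ATLAS_HOST ATLAS_PORT: prints the value for ssh -L.
# Binding to 127.0.0.1 keeps the forwarded database port off the network.
forward_spec() {
    # Assumption of this example: local port must be unprivileged.
    valid_port "$1" 1024 65535 || { echo "bad local port: $1" >&2; return 1; }
    # The page gives 1024, 1025 or 1026 as the possible mongo-atlas ports.
    valid_port "$3" 1024 1026 || { echo "bad Atlas port: $3" >&2; return 1; }
    case "$2" in
        ''|-*|*[!A-Za-z0-9.-]*) echo "bad Atlas host: $2" >&2; return 1 ;;
    esac
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# port_open PORT: succeeds if 127.0.0.1:PORT accepts a connection (bash /dev/tcp).
port_open() { (exec 3<>"/dev/tcp/127.0.0.1/$1") 2>/dev/null; }

# with_tunnel KEY USER@JUMPHOST LOCAL_PORT ATLAS_HOST ATLAS_PORT COMMAND [ARGS...]
with_tunnel() {
    key=$1; target=$2; lport=$3
    spec=$(forward_spec "$3" "$4" "$5") || return 1
    shift 5
    # A listener that is already there would receive the database credentials.
    if port_open "$lport"; then echo "port $lport already in use" >&2; return 1; fi
    # -N: no remote shell. ExitOnForwardFailure: exit if the forward cannot bind.
    ssh -i "$key" -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=120 \
        -L "$spec" "$target" &
    tunnel_pid=$!
    tries=0
    until port_open "$lport"; do
        tries=$((tries + 1))
        if [ "$tries" -gt 60 ] || ! kill -0 "$tunnel_pid" 2>/dev/null; then
            kill "$tunnel_pid" 2>/dev/null
            echo "tunnel did not come up" >&2; return 1
        fi
        sleep 1
    done
    "$@"; status=$?
    kill "$tunnel_pid" 2>/dev/null   # close the tunnel whatever COMMAND returned
    return "$status"
}
```

With the page's example values the call is: with_tunnel ~/.ssh/id_rsa bjoseph@10.185.65.61 9999 pl-0-us-east-1.u9f4m.mongodbgov.net 1026 ./mongosh.exe --username itdb-dev-1 "mongodb://localhost:9999/?tls=true&tlsInsecure=true" (mongosh prompts for the password when --username is given without one, which keeps it out of shell history). Because tlsInsecure=true turns off certificate and hostname validation, check the jumphost's SSH host key when ssh first asks about it.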
Connecting a DB tool (mongosh) to the Jumphost
Following is an example of how to connect one db tool (mongosh). Other tools should use similar principles.
-
Connect to mongo-atlas using mongo shell in another window
./mongosh.exe "mongodb://<db_username>:<db_password>@localhost:<local_port>?authMechanism=default&tls=true&tlsInsecure=true"
Example ./mongosh.exe "mongodb://itdb-dev-1:<db_password>@localhost:9999?authMechanism=default&tls=true&tlsInsecure=true"
-
Close the tunnel (close the Putty or SSH window to close the tunnel to the jumphost)
Connecting a DB tool (mongodump) to the Jumphost
Following is an example of how to connect one db tool (mongodump). Other tools should use similar principles.
-
Run mongodump against mongo-atlas in another window
# Values for the tunnel opened above; replace <db_password> with the real password
DOCUMENTDB_HOST=127.0.0.1 DOCUMENTDB_PORT=9999 DOCUMENTDB_USER=itdb-dev-1 DOCUMENTDB_PASSWORD='<db_password>'
# Dump the TimePeriods collection of itcollect_by24 through the local tunnel port
./mongodump --ssl --tlsInsecure --host "$DOCUMENTDB_HOST" --port "$DOCUMENTDB_PORT" \
--username "$DOCUMENTDB_USER" --password "$DOCUMENTDB_PASSWORD" \
--authenticationDatabase "admin" -d itcollect_by24 -c TimePeriods --out=/h/timePeriodsBackup
-
Close the tunnel (close the Putty or SSH window to close the tunnel to the jumphost)