0

Upon logging in to Linux box, no authentication is required to connect with MongoDB.

How to connect from Go code to such MongoDB instance? I need to SSH into Linux box using username and password, and then connect to MongoDB.

Tried below code but it throws: "no reachable servers"

From the command prompt, I am able to ping Linux machine IP address and my IDE can connect to internet as well.

    mongoDBDialInfo := &mgo.DialInfo{
        Addrs:    []string{"<LINUX_IP_ADDRESS>"},
        Timeout:  60 * time.Second,
        Database: "<MONGODB_DATABASE_NAME>",
        Username: "<LINUX_USERNAME>",
        Password: "<LINUX_PASSWORD>",
    }

    mongoSession, err := mgo.DialWithInfo(mongoDBDialInfo)
    if err != nil {
        log.Fatalf("CreateSession: %s\n", err)
    }
Improve this question
1
  • mgo.DialInfo uses mongo authentication, not ssh credentials. Your "I need to SSH into Linux box using username and password" is an ssh tunnel. See godoc.org/golang.org/x/crypto/ssh Commented Oct 14, 2019 at 14:59

1 Answer 1

Reset to default
1

An ssh tunnel is a a viable, though sometimes tricky measure to protect a service.

The tricky part is that the tunnel might collapse and you have little you can do when this happens, since the tunnel is created outside your application.

However, for MongoDB, it additionally comes with some rather nasty side effects: You would need to fiddle a lot with settings and DNS to get a replica set up and running, let alone sharding.

It would be better if you enabled authentication (it is not that hard) and TLS as well as proper security measures and then bind your MongoDB server to either 0.0.0.0 or the IP address you use to connect to the machine.

Side note: Make sure you have a brute force blocker like fail2ban or denyhosts installed, configured to protect MongoDB and tested if you do so.

If the sum of the above seems too complicated, you should think VERY thoroughly about wether you should not rather use a hosted MongoDB service like MongoDB Inc's Atlas or mLab.

Nevertheless, here is how you can do it:

$ ssh user@linuxhost -N -f -L 27017:127.0.0.1:27017
Password:

Enter the password. The process will get into background, and you can check wether it is still running via

$ ps ax | grep ssh

This opens an ssh tunnel to the remote host, opening the port 27017 (the first port on the machine you run the command on, and tunnels it through the ssh connections to 127.0.0.1 (the localhost adress of the remote host) on port 27017.

Now, you can simply set &mgo.DialInfo{Addrs:[]string{"127.0.0.1:27017"}}

Note

In case it was not clear by now: I strongly (!!!) advice against using an ssh tunnel. It makes creating a replicaset rather complicated and excludes sharding pretty much. Learn how to properly manage MongoDB. MongoDB University offers free courses, and they are pretty damn good.

You. Have. Been. Warned.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Is it even possible to set up a replicaset if the db listens on local interface only? OP never mentioned repset or sharding. I agree the idea of using ssh tunneling here is pretty bad and should be used as a last resort.
@Markus W Mahlberg - Fantastic, but code is on a windows machine which needs to connect to Linux MongoDb, any suggestions?
@Test you still can set up a tunnel from windows using putty. Please keep in mind that in any way setting up a tunnel by 3rd party app you lose control on it from your go app. Tunnels are not quite reliable and it will be user's responsibility to ensure the tunnel is up and remains open.
@AlexBlex you can use different ports, and potentially use ha-proxy to forward those ports to different hosts (on which you'd have to do the same) - way more complicated than a proper deploymemt, but it would work. And using MongoDB without a replset really makes no sense. An embedded KV store would make much more sense because less overhead and less constraints with the added bonus of the ability to optimize everything to the application's needs.
Replicas are quite expensive. Standalone mongo has a number of advantages comparing to a KV storage - aggregation, indexes, capped collections to name a few. I believe there are quite a few usecases where it makes sense to have a standalone instance. More sense than connect to it using ssh tunnels anyway =)
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.