SSH Support in Direct Mode
In SSH tunneling, an SSH connection is established between the client and an SSH server, and the SSH server in turn communicates with the Oracle server in unencrypted mode, so only the leg between the client and the SSH server is protected by SSH. A benefit of SSH tunneling is that it allows you to connect to an Oracle server from behind a firewall when the Oracle server port is blocked. The Oracle server needs no special configuration for this type of connection and functions as usual. To connect to the Oracle server, a client must first be authorized on the SSH server.
dotConnect for Oracle supports connecting to both Oracle Cloud and on-premises Oracle servers using SSH in the Direct mode.
Setting Up SSH Connection
To enable SSH, add the ssh:// prefix to the value of the Host connection string parameter. Note that the Host parameter must be set as if you were connecting from the computer where the SSH server is installed. Thus, if the Oracle server and the SSH server are installed on the same computer, set the Host parameter to ssh://localhost and specify the host's domain name or address in the SSH Host connection string parameter.
The OracleConnection.SshOptions property points to an object that holds all the information necessary to connect to the SSH server. Alternatively, you may specify the corresponding parameters in the connection string. Here is a brief explanation of what you have to specify in this object:

| Property | Connection String Parameter | Meaning |
|---|---|---|
| SshOptions.AuthenticationType | SSH Authentication Type | Client authentication methods |
| SshOptions.CipherList | SSH Cipher List | List of ciphers that the client agrees to use, separated by colons |
| SshOptions.Host | SSH Host | Name or IP address of the SSH server |
| SshOptions.Passphrase | SSH Passphrase | Passphrase for the client key |
| SshOptions.Password | SSH Password | User password on the SSH server |
| SshOptions.Port | SSH Port | Number of the port on the SSH server to connect to |
| SshOptions.PrivateKey | SSH Private Key | Location of the private key to use |
| SshOptions.User | SSH User | User ID on the SSH server |

The location of the private key can be specified in any of the following ways:
- As a file in the system: file://C:\Temp\client.key
- As an item of the certificate store: storage://Name.Id (for example, RSA.Client.key or DSA.Client.key)
- As a compiled resource: resource://client.key
- Loaded into memory, using the MemCryptStorage class: memory://key_id
The SshOptions.CipherList property contains the list of ciphers that the client agrees to use, separated by colons. By default it is empty, which means that the client agrees to use any of the available ciphers. The valid values for the CipherList property are the names at the start of each list item below.
dotConnect for Oracle supports two block cipher modes: Cipher-block chaining (CBC) and Counter (CTR). The following ciphers are available for SSH connections in the CBC mode:
- 3DES or 3DES(168) - Triple Data Encryption Algorithm. Key size 168 bits.
- Blowfish - Symmetric-key block cipher, designed in 1993 by Bruce Schneier. Key size 128 bits.
- AES(128) - Advanced Encryption Standard. Key size 128 bits.
- AES(192) - Advanced Encryption Standard. Key size 192 bits.
- AES or AES(256) - Advanced Encryption Standard. Key size 256 bits.
In the CTR mode, the following AES ciphers are available:
- AES(128)-CTR - Advanced Encryption Standard. Key size 128 bits.
- AES(192)-CTR - Advanced Encryption Standard. Key size 192 bits.
- AES-CTR or AES(256)-CTR - Advanced Encryption Standard. Key size 256 bits.
```csharp
// Password Authentication
// Host is resolved from the SSH server's side; SshOptions.Host is the SSH server itself.
OracleConnection myConn = new OracleConnection("Direct=True;Host=ssh://localhost;Port=1521;Service Name=orcl;User ID=scott;Password=tiger;");
myConn.SshOptions.AuthenticationType = SshAuthenticationType.Password;
myConn.SshOptions.User = "sshUser";
myConn.SshOptions.Host = "OracleSSH";
myConn.SshOptions.Password = "sshPassword";
OracleCommand myCommand = new OracleCommand("select count(*) from dept", myConn);
myConn.Open();
Int64 count = Convert.ToInt64(myCommand.ExecuteScalar());
Console.WriteLine(count);
myConn.Close();
```

```csharp
// Public Key Authentication
// The client authenticates to the SSH server with the private key at the given location.
OracleConnection myConn = new OracleConnection("Direct=True;Host=ssh://localhost;Port=1521;Service Name=orcl;User ID=scott;Password=tiger;");
myConn.SshOptions.AuthenticationType = SshAuthenticationType.PublicKey;
myConn.SshOptions.User = "sshUser";
myConn.SshOptions.Host = "sshServer";
myConn.SshOptions.PrivateKey = "E:\\WORK\\client.key";
OracleCommand myCommand = new OracleCommand("select count(*) from dept", myConn);
myConn.Open();
Int64 count = Convert.ToInt64(myCommand.ExecuteScalar());
Console.WriteLine(count);
myConn.Close();
```

```vb
' Password Authentication
' Host is resolved from the SSH server's side; SshOptions.Host is the SSH server itself.
Dim myConn As OracleConnection = New OracleConnection("Direct=True;Host=ssh://localhost;Port=1521;Service Name=orcl;User ID=scott;Password=tiger;")
myConn.SshOptions.AuthenticationType = SshAuthenticationType.Password
myConn.SshOptions.User = "sshUser"
myConn.SshOptions.Host = "sshServer"
myConn.SshOptions.Password = "sshPassword"
Dim myCommand As OracleCommand = New OracleCommand("select count(*) from dept", myConn)
myConn.Open()
Dim count As Int64 = Convert.ToInt64(myCommand.ExecuteScalar())
Console.WriteLine(count)
myConn.Close()
```

```vb
' Public Key Authentication
' The client authenticates to the SSH server with the private key at the given location.
Dim myConn As OracleConnection = New OracleConnection("Direct=True;Host=ssh://localhost;Port=1521;Service Name=orcl;User ID=scott;Password=tiger;")
myConn.SshOptions.AuthenticationType = SshAuthenticationType.PublicKey
myConn.SshOptions.User = "sshUser"
myConn.SshOptions.Host = "sshServer"
myConn.SshOptions.PrivateKey = "E:\WORK\client.key"
Dim myCommand As OracleCommand = New OracleCommand("select count(*) from dept", myConn)
myConn.Open()
Dim count As Int64 = Convert.ToInt64(myCommand.ExecuteScalar())
Console.WriteLine(count)
myConn.Close()
```
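
A stricter variant of the public key setup above, added here as an example and not taken from the dotConnect documentation: it checks a cipher list against the names listed on this page and, as a policy assumed for the example, accepts only the CTR-mode entries before assigning the SshOptions properties. The SshTunnelPolicy class, its method names, the two using directives and an integer-typed SshOptions.Port are assumptions.

```csharp
using System;
using System.Linq;
using Devart.Common;       // assumed namespace of SshAuthenticationType
using Devart.Data.Oracle;  // assumed namespace of OracleConnection

static class SshTunnelPolicy   // hypothetical helper, not part of dotConnect
{
    // Cipher names exactly as listed on this page, grouped by mode.
    static readonly string[] Ctr = { "AES(128)-CTR", "AES(192)-CTR", "AES-CTR", "AES(256)-CTR" };
    static readonly string[] Cbc = { "3DES", "3DES(168)", "Blowfish", "AES(128)", "AES(192)", "AES", "AES(256)" };

    // Returns the normalized colon-separated list, or throws if it violates
    // the example policy (CTR-mode entries only, no empty list).
    public static string RequireCtrOnly(string cipherList)
    {
        string[] names = (cipherList ?? "").Split(':').Select(n => n.Trim()).ToArray();
        // An empty CipherList means the client accepts any available cipher.
        if (names.Any(n => n.Length == 0))
            throw new ArgumentException("Cipher list is empty or contains an empty entry.");
        foreach (string name in names)
        {
            if (Cbc.Contains(name))
                throw new ArgumentException("CBC-mode cipher rejected by policy: " + name);
            if (!Ctr.Contains(name))
                throw new ArgumentException("Not a cipher name from the documented list: " + name);
        }
        return string.Join(":", names);
    }

    // Configures public key authentication on a connection whose Host already
    // uses the ssh:// prefix. All values are supplied by the caller.
    public static void Apply(OracleConnection conn, string sshHost, int sshPort,
                             string sshUser, string keyLocation, string passphrase,
                             string cipherList)
    {
        conn.SshOptions.AuthenticationType = SshAuthenticationType.PublicKey;
        conn.SshOptions.Host = sshHost;
        conn.SshOptions.Port = sshPort;
        conn.SshOptions.User = sshUser;
        conn.SshOptions.PrivateKey = keyLocation;   // e.g. file://C:\Temp\client.key
        conn.SshOptions.Passphrase = passphrase;    // read at run time, not hard-coded
        conn.SshOptions.CipherList = RequireCtrOnly(cipherList);
    }
}
// Usage (constructed values), before myConn.Open():
// SshTunnelPolicy.Apply(myConn, "sshServer", 22, "sshUser", @"file://C:\Temp\client.key",
//                       passphrase, "AES(256)-CTR:AES(192)-CTR:AES(128)-CTR");
```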
See Also
Logging Onto The Server | Connecting to Oracle using OracleCredential | SSL/TLS Support in Direct Mode