Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Trying to make a JDBC connection to a litmis space through an ssh tunnel
#In terminal (makes the ssh tunnel from local port 23470 to server port 3470)
My-Machine:~ phpdave$ssh -L 23470:localhost:3470
#::NOTE:: We connect to 3470 because the documentation says "If the Toolbox's Proxy Server feature is selected, and is enabled on the IBM i (iSeries or AS/400), only port 3470 is needed."
#in JDBC setup using JTOpen driver
jdbc:as400://;proxy server=localhost:23470
#jtopen driver:
#When trying to test the connection was getting the error:
#channel 3: open failed: administratively prohibited: open failed
#might be an issue with sshd setting ```PermitTunnel yes``` needed in /etc/ssh/sshd_config
#look for existing ssh tunnels that are running
MyComputer:~ myuser$ ps aux | grep ssh
#see if port is open
MyComputer:~ myuser$ netstat -tln | grep 23470
#netcat on client
MyComputer:~ myuser$ nc -v localhost 23470
found 0 associations
found 1 connections:
outif lo0
src ::1 port 49428
dst ::1 port 23470
rank info not available
TCP aux info available
Connection to localhost port 23470 [tcp/*] succeeded!
MyComputer:~ myuser$ ssh -R 23471:localhost:3470 -v
debug1: Remote connections from LOCALHOST:23471 forwarded to local address localhost:3470
debug1: channel 0: new [client-session]
debug1: Requesting
debug1: Entering interactive session.
debug1: client_input_global_request: rtype want_reply 0
debug1: remote forward failure for: listen 23471, connect localhost:3470
Warning: remote port forwarding failed for listen port 23471
debug1: All remote forwarding requests processed

Server ports used by JTOpen (Toolbox for Java)

Maven Repo of JTOpen

Github of JT400 source

JDBC connection string with proxy

JDBC Properties

JTOpen info

ssh -L option

 -L [bind_address:]port:host:hostport
         Specifies that the given port on the local (client) host is to be
         forwarded to the given host and port on the remote side.  This
         works by allocating a socket to listen to port on the local side,
         optionally bound to the specified bind_address.  Whenever a con-
         nection is made to this port, the connection is forwarded over
         the secure channel, and a connection is made to host port
         hostport from the remote machine.  Port forwardings can also be
         specified in the configuration file.  IPv6 addresses can be spec-
         ified with an alternative syntax:
         [bind_address/]port/host/hostport or by enclosing the address in
         square brackets.  Only the superuser can forward privileged
         ports.  By default, the local port is bound in accordance with
         the GatewayPorts setting.  However, an explicit bind_address may
         be used to bind the connection to a specific address.  The
         bind_address of “localhost” indicates that the listening port be
         bound for local use only, while an empty address or ‘*’ indicates
         that the port should be available from all interfaces.

SSH Tunneling explained

channel 3: open failed: administratively prohibited: open failed

might try

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment