Accessing a Custom Database through SSH Tunnel by using scripts

Continuing the discussion from Best practices for accessing a custom DB via an SSH tunnel:

I realised that the option is for node.js application were you can include modules as ssh2 externally to the login script. Im using Laravel with a configuration that only allows us to us SSH Keys to connect to the database server (im creating servers using forge).

ChatGPT wrote: In a standalone Node.js application, you can use NPM packages like ssh2 or tunnel-ssh to establish an SSH connection with your database. However, within Auth0 Custom Database scripts, you cannot import custom NPM packages like these.

That’s why the suggested approach is to create a secure external API on your server using Node.js or any other server-side technology that supports SSH connections. This API will handle the SSH tunnel and database operations. Then, from your Auth0 Custom Database script, make HTTP requests to your external API for user registration and authentication.

This way, you can manage the SSH connection and database operations on your server, while using Auth0 for user authentication and authorization."

Can you help me understanding if its possible to connect through scripts using SSH tunnel or if its only possible to database with direct user/pass connection only?.

Really its a weird situation taking into consideration that SSH Keys is one of the best ways to enhance security. any help appreciated.

1 Like

Hi @siherrera,

Welcome to the Auth0 Community! Let’s take a look.

This is incorrect (and also a misunderstanding of the architecture you’re looking for). You can use the npm ssh2 package in a Custom DB script. Packages available in Custom DB scripts are listed here.

It should be possible to connect directly to your DB via SSH. What type of DB are you using? (MySQL, PSQL, etc.)

I connected not using ssh. One of the things that surprise me is that you need to use mysql legacy 5 and mysql 8 authentication is not supported. Regarding your answer I checked but I have some doubts.

The code you provided is a Node.js example using the ssh2 library to connect to a remote server via SSH and execute a command (in this case, the uptime command). If you want to use a similar approach in a PHP Laravel application, you can use the phpseclib library, which provides similar functionality for PHP.

Here’s an example of how you can use the phpseclib library to connect to a remote server via SSH and execute a command:

First, install the phpseclib library using Composer:

composer require phpseclib/phpseclib

(but its not possible in my knowledge to run libraries)

if this is possible to do this I can create a code like:

<?php

require_once 'vendor/autoload.php';

use phpseclib3\Net\SSH2;
use phpseclib3\Crypt\PublicKeyLoader;

$host = '192.168.100.100';
$username = 'frylock';
$privateKeyPath = '/path/to/my/key';

$privateKey = PublicKeyLoader::load(file_get_contents($privateKeyPath));

$ssh = new SSH2($host);
if (!$ssh->login($username, $privateKey)) {
    exit('Login Failed');
}

echo $ssh->exec('uptime');

This script connects to the remote server using the provided host, username, and private key. If the login is successful, it executes the uptime command and prints the output. Note that this is a plain PHP script.

But as I wrote, I believe its not possible to run libraries and these packages are for node.js developments. let me know your thoughts.

@siherrera,

I’m a little bit confused by your response.

In custom DB scripts you can only run nodeJS, there is no support for other runtimes/languages (including PHP or Laravel).

Custom DB Scripts support a selected list of node packages (libraries), I linked to the list in my previous post. This list includes node’s mysql.

Node mysql supports SSH connections.

Please let me know if I am missing something, thank you.

well that was the question about. if the solution for ssh is only suitable are using node.js or if you can run the script and connect using SSH to a mysql database.

in my experience based on 3 days of practice:

  • you can connect to mysql using customs script but not using ssh. So I made a new database with password/ssl connector to work around.
  • mysql connects to legacy authentication system, so you have to downgrade from mysql 8 to mysql 5 based on custom script error response. when you downgrade the system connects.

thats my experience.

Okay, I think I understand. You would like to not use Node JS to set up the SSH connection.

A custom DB script must use NodeJS, but you can set up an SSH connection with node.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.