How to Login to Oracle Cloud Database using SSH tunnel

When a oracle database cloud instance is created, network access to the instance is limited to Secure Shell (SSH) connections on port 22. This access restriction ensures that the instance is secure by default.

You can either ask your cloud service administrator to open ports or, as you will learn in this tutorial, you can use SSH client software to create an SSH tunnel to connect securely to the database and its tools. Several SSH clients are freely available, including the SSH utility on Linux platforms and the PuTTY utility on Windows platforms.

How to Login to Oracle Cloud Database on port 1521 using SSH tunnel with Putty Utility

  1. First login to Oracle cloud service

you can go to, click Sign In, and select the Public Cloud Services value for your region from the My Services – Select Data Center dropdown list. Either way you must provide an identity domain, user name, and password to sign in.

  1. Identify your service and click on it
  2. Make a note of the public IP address for the server
  3. Create SSH tunnel

Find putty.exe in the PuTTY folder on your computer, for example, C:\Program Files (x86)\PuTTY. Double-click putty.exe. to open it.

The PuTTY Configuration window is displayed, showing the Session panel.

In the Host Name (or IP address) box, enter the IP address of the VM. Leave the port number at the default 22 and Make sure connection type is SSH

In the Category tree, expand Connection if necessary and then click Data.

The Data panel is displayed.

In autologin, put OPC as the username

In the Category tree, click SSH.

The Options controlling SSH connections panel is displayed.

Under Protocol options, check Don’t start a shell command at all.

This optional step ensures that only the SSH tunnel is enabled. You will not be able to use the SSH session to run commands in the command shell (although you will be able to enter the passphrase for your SSH key, as prescribed later in this tutorial).

In the Category tree, expand SSH, and then click Auth.

In the Select private key file window, click PuTTY Private Key Files (.ppk) to find and open the private key file that matches the public key used when the instance was created.

In the Category tree, click Tunnels.

The Options controlling SSH port forwarding panel is displayed.

In the Destination box, enter database_server_ip:1521, where database_server_ip is the public IP address for the Database Server that you found and recorded earlier in this tutorial. Also select Local and Auto, if they aren’t already selected.

In the Source Port box, type 1521, to match the the VM’s port number.

Click Add to add the forwarded port. The local and remote ports appear in the Forwarded ports list.

In the Category tree, click Session. to display the Session panel again.

In the saved session ,type test_cloud to identify that setting and then save

Now we can use test_cloud anytime by selecting it and pressing the load button

Click Open to open the connection to the VM. If this is the first time you are connecting to the VM, the PuTTY Security Alert window is displayed, prompting you to confirm the public key.

Click Yes to continue connecting.

The PuTTY Configuration window closes and the PuTTY command window is displayed. The user name is the value you supplied earlier, in the Auto-login username box in step 5.

When prompted, enter the passphrase for the key, if one was defined.

Now the SSH tunnel is created

Now you can connect to the Oracle cloud database using localhost:1521 in SQL Developer

How to Login to Oracle Cloud Database on port 1521 using SSH tunnel with Linux client


$ ssh -i private-key-file -L local-port:target-ip-address:target-port opc@target-ip-address

private-key-file is the path to the SSH private key file.

local-port is the number of an available port on your Linux system. Specify a port number greater than 1023 and less than 49152 to avoid conflicts with ports that are reserved for the system. As a good practice, and for the sake of simplicity, you should specify the same port number as the one to which you are creating a tunnel.

target-ip-address is the IP address of the target compute node in x.x.x.x format.

target-port is the port number to which you want to create a tunnel.

If this is the first time you are connecting to the target compute node, the ssh utility prompts you to confirm the public key. In response to the prompt, enter yes.
After the SSH tunnel is created, you can access the port on the target compute node by specifying localhost:local-port on your Linux system

Leave a Reply