Tunneled Microsoft SQL Connections
This document explains how to connect to a Microsoft SQL database through an encrypted TCP tunnel. We use the sqlcmd
command line utility, but the same tunnel can be used by GUI tools.
Long-lived connections behavior
tip
This example assumes you've already created a TCP route for this service.
Basic Connection
-
Create a TCP tunnel, using either
pomerium-cli
or the Pomerium Desktop client:- pomerium-cli
- Pomerium Desktop
pomerium-cli tcp mssql.corp.example.com:1433 --listen :1433
--listenThe
--listen
flag is optional. It lets you define what port the tunnel listens on locally. If not specified, the client will choose a random available port.Local AddressThe Local Address field is optional. Using it defines what port the tunnel listens on locally. If not specified, Pomerium Desktop will choose a random available port.
-
Initiate your $SERVICE connection, pointing to
localhost
:/opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "YOURSTRONGPASSWORD"