Setup SSH tunnel for Taxdoo (connect JTL to Taxdoo)

Setup SSH tunnel for Taxdoo (connect JTL to Taxdoo)

For a secure connection to your MSSQL server, between Taxdoo and your server, it may make sense to set up an appropriate SSH tunnel.

For logging in to your new SSH tunnel server, you should definitely prefer logging in with keys, rather than passwords.

Using an SSH tunnel provides you with additional security because you don’t have to make the Microsoft SQL Server publicly available.

Attached you will find my instructions for setting up a user, depositing the Taxdoo public key and everything you need to set up your Taxdoo SSH tunnel.

We start by creating a new user on the Linux server:

sudo adduser --shell /bin/bash --disabled-password --ingroup 'users' taxdoo
sudo -i
sudo -H -u taxdoo ssh-keygen -t rsa
sudo vi /home/taxdoo/.ssh/authorized_keys

Now we need to insert Taxdoo’s public key into the open file (EINFG):

ssh- rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8jPWgjcx1Tktm8n3Jl36mB9aeApq+NzgddcfPYS16T9MZa9IQrYQnueiWp5A/M5PvJEYvLlm7tmkNmkHfu7ZjxjA9c7vVXxnH9D58n71TVUkpdRWYDVS94MmK92SHiH4UmWfnJm8cplDkPTU5GHvA9VNreyNWkB9L8fUDmliBBOcnbmJBq1Xqcp9f4BpYjtODTusuhfkM4l0G2gqeLkzRWwFQhpP9sedrdKsfoIyE6fnYQEiUULBpxdmXub1Epw7DNVuRo2n9lD8Db0LbHBqeb48rqQx+wIDCq0cCWwGUOGhXn1SldXL9U/fZahLJIgHcIaRAdbHdAq8ujbb6V/in taxdoo- jtl

we save with ESC :wq ENTER

and prevent accidental overwriting of the key:

chmod 0644 /home/taxdoo/.ssh/authorized_keys

Find out hostname for later SSH keyscan:

hostname -f

For security, the default SSH port should also be changed:

vi /etc/ssh/sshd_config

Change port to 254 and remove comment out (“#”) (EINFG), at the end a line should look like this:

port 254

we save with ESC :wq ENTER

Now we need to restart the SSH service:

sudo systemctl restart sshd.service

Now we still need to find out the fingerprint of our server, Taxdoo absolutely needs this. We can do that with the following command, the previously assigned port and the determined hostname:

ssh-keyscan -p 254 HOSTNAME | ssh-keygen -lf -

Just to be sure, check the MS-SQL server port again (on the Windows server) at

SQL Server Configuration Manager > SQL Server network configuration > Protocols for “DATABASE NAME” > TCP/IP double-click > IP addresses

Don’t forget: Unlock the SSH tunnel server IP in the firewall of the server your MSSQL server is running on

Enter data at Taxdoo under interfaces->JTL.

For those who find all this too complicated I am of course very happy to help, just contact me via my contact form.

Should you want to check if your JTL database server is actually reachable via the SSH tunnel, just install telnet with

apt-get install telnet

and then runs the following command:

telnet HOSTNAME PORT

If the port is not open, you will definitely notice it here.

If this is the case, you will need to check the firewall and security settings on your windows server again.

Leave a Reply

Your email address will not be published. Required fields are marked *