Reference:
ORA-12547 While Client Connecting Via SSH Tunnel [ID 454252.1]
Modified 12-AUG-2009 Type PROBLEM Status MODERATED
In this Document
Symptoms
Cause
Solution
This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process, and therefore has not been subject to an independent technical review.
Applies to:
Oracle Net Services - Version: 9.2 to 10.2
This problem can occur on any platform.
Symptoms
Client connections via an SSH tunnel fail with ORA-12547 when IP filtering (TCP valid node checking) is enabled on the database server.
That is, even if the client IP address is listed in tcp.invited_nodes, a client connecting via the SSH tunnel (with port forwarding enabled on the client side) gets ORA-12547.
#sqlplus scott/tiger@ssh
ERROR:
ORA-12547: TNS:lost contact
Cause
Client was configured for port forwarding via the SSH tunnel.
Screenshot of PuTTY port forwarding configuration:
---------------------------------------------------
The PuTTY event log should show the following if port forwarding is enabled:
PuTTY Event Log:
----------------
2007-08-13 09:50:16 Initialised AES-256 client->server encryption
2007-08-13 09:50:16 Initialised HMAC-SHA1 client->server MAC algorithm
2007-08-13 09:50:16 Initialised AES-256 server->client encryption
2007-08-13 09:50:16 Initialised HMAC-SHA1 server->client MAC algorithm
2007-08-13 09:50:24 Sent password
2007-08-13 09:50:36 Access granted
2007-08-13 09:50:36 Opened channel for session
2007-08-13 09:50:36 Local port 127.0.0.1:1500 forwarding to 192.168.1.45:1521
2007-08-13 09:50:36 Allocated pty (ospeed 38400bps, ispeed 38400bps)
2007-08-13 09:50:36 Started a shell/command
2007-08-13 09:53:04 Opening forwarded connection to 192.168.1.45:1521
Client tnsnames.ora:
-----------------------
SSH =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1500))
)
(CONNECT_DATA =
(SERVICE_NAME = db10gr2)
)
)
Server sqlnet.ora:
-------------------
tcp.validnode_checking = yes
TCP.INVITED_NODES=(192.168.1.47) ---> client IP address
Listener log:
---------------
13-AUG-2007 10:13:18 * 12546
TNS-12546: TNS:permission denied
TNS-12560: TNS:protocol adapter error
TNS-00516: Permission denied
The IP address of the server running sshd was not listed in tcp.invited_nodes in the sqlnet.ora of the database server.
The SSH daemon is running on the database server, and tcp.invited_nodes does not contain the DB server hostname, hence the client fails with ORA-12547.
It is sshd that receives the traffic from the tunnel and hands it over to the listener. As far as the listener is concerned, the connection is coming from the database server host itself.
Solution
To have the client connection work via the SSH tunnel with port forwarding enabled, the DB server hostname/IP address must be listed in tcp.invited_nodes in the server sqlnet.ora.
tcp.validnode_checking = yes
TCP.INVITED_NODES=(192.168.1.45) --> server IP address
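
The check below is an added example, not part of the Oracle note: it works out which peer address the listener sees for a tunnelled connection and whether tcp.invited_nodes admits it. The inputs are constructed from the values shown above; the function names are hypothetical, and invited nodes are assumed to be IP literals matched as strings.

```python
import re

# Constructed inputs, copied from the values shown in this note.
SQLNET_BEFORE = """tcp.validnode_checking = yes
TCP.INVITED_NODES=(192.168.1.47)
"""
SQLNET_AFTER = """tcp.validnode_checking = yes
TCP.INVITED_NODES=(192.168.1.45)
"""
PUTTY_LOG = "2007-08-13 09:50:36 Local port 127.0.0.1:1500 forwarding to 192.168.1.45:1521"
TNS_ADDRESS = "(ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1500))"

def parse_sqlnet(text):
    """Return (valid node checking enabled?, list of invited nodes)."""
    enabled, invited = False, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "tcp.validnode_checking":
            enabled = value.lower() == "yes"
        elif key == "tcp.invited_nodes":
            invited = [n.strip() for n in value.strip("()").split(",") if n.strip()]
    return enabled, invited

def forwards(putty_log):
    """Map local (host, port) -> remote (host, port) from PuTTY event log lines."""
    pat = r"Local port (\S+):(\d+) forwarding to (\S+):(\d+)"
    return {(m[1], int(m[2])): (m[3], int(m[4])) for m in re.finditer(pat, putty_log)}

def tns_endpoint(address):
    """Extract (host, port) from a tnsnames.ora ADDRESS clause."""
    host = re.search(r"HOST\s*=\s*([^)\s]+)", address, re.I)[1]
    port = int(re.search(r"PORT\s*=\s*(\d+)", address, re.I)[1])
    return host, port

def diagnose(sqlnet, putty_log, address, client_ip, sshd_ip):
    """Return (peer address the listener sees, admitted by valid node checking?)."""
    tunnelled = tns_endpoint(address) in forwards(putty_log)
    # When tunnelled, sshd opens the TCP connection to the listener,
    # so the listener sees the sshd host rather than the client.
    peer = sshd_ip if tunnelled else client_ip
    enabled, invited = parse_sqlnet(sqlnet)
    return peer, (not enabled) or peer in invited
```

With the server address invited, valid node checking no longer distinguishes one tunnelled client from another, so who may reach the listener through the tunnel is decided by sshd (for example its AllowTcpForwarding and PermitOpen settings).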