Skip to content

feat(connect): add --server-name flag for tunneled connections#678

Open
jimmystridh wants to merge 6 commits intomicrosoft:mainfrom
jimmystridh:feature/server-name-override
Open

feat(connect): add --server-name flag for tunneled connections#678
jimmystridh wants to merge 6 commits intomicrosoft:mainfrom
jimmystridh:feature/server-name-override

Conversation

@jimmystridh
Copy link

@jimmystridh jimmystridh commented Jan 29, 2026
edited
Loading

Problem

When connecting to Azure SQL through an SSH tunnel or proxy (e.g., 127.0.0.1:11433), connections fail because SQL Server validates the hostname in the TDS LOGIN7 packet. The server receives 127.0.0.1 as the server name and rejects it with "Cannot open server '127.0.0.1' requested by the login".

Current workaround requires adding /etc/hosts entries mapping the real server name to 127.0.0.1.

Fixes #576

Solution

Add a --server-name flag that specifies the server name to send in the login packet, separate from the dial address (-S).

# Connect via tunnel on localhost:11433, authenticate as the real server
sqlcmd -S 127.0.0.1,11433 --server-name myserver.database.windows.net \
    -U myuser -P mypass -N -C

Implementation

  • Add ServerNameOverride field to ConnectSettings
  • Build the connection string using the override host/instance (so LOGIN7 uses the override)
  • Use a proxy dialer that rewrites the network dial target back to the original -S host/port
  • Skip override for named pipes

@jimmystridh
feat(connect): add --server-name flag for tunneled connections
611d165 
Allows specifying the server name sent in the TDS LOGIN7 packet
separately from the dial address. Fixes connections through SSH
tunnels or proxies to Azure SQL where the server validates hostname.

Refs: microsoft#576
@jimmystridh
Copy link
Author

jimmystridh commented Jan 29, 2026

@microsoft-github-policy-service agree

@dlevy-msft-sql dlevy-msft-sql added enhancement New feature or request Size: S Small issue (less than one week effort) labels Jan 30, 2026
Copilot AI reviewed Jan 30, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for overriding the server name used during TDS login (and related connection metadata) so sqlcmd can connect through tunnels/proxies (e.g., 127.0.0.1:11433) while authenticating as the real Azure SQL hostname.

Changes:

  • Introduces ConnectSettings.ServerNameOverride and applies it when building the connection string.
  • Adds a proxyDialer to rewrite the actual dial target while keeping the overridden server name for login.
  • Adds unit tests covering the new connection string behavior and dialer behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
pkg/sqlcmd/connect.go Adds ServerNameOverride and applies it during connection string construction.
pkg/sqlcmd/sqlcmd.go Attempts to attach a custom dialer when ServerNameOverride is set.
pkg/sqlcmd/dialer.go Implements a dialer that rewrites dial host/port while reporting an overridden hostname.
pkg/sqlcmd/dialer_test.go Adds unit tests for proxyDialer.
pkg/sqlcmd/sqlcmd_test.go Extends connection string tests to cover ServerNameOverride.

Copilot AI reviewed Jan 30, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Copilot AI reviewed Jan 31, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

@jimmystridh
Copy link
Author

jimmystridh commented Feb 3, 2026
edited
Loading

Addressed the remaining review notes:

  • If --server-name is set but the connector isn’t *mssql.Connector, we now return an explicit error instead of silently changing the DSN host (commit c6f6ec4).
  • proxyDialer now embeds a zero-value net.Dialer to avoid a race on lazy init (commit c6f6ec4).
  • Added a named-pipe override test to ensure ServerNameOverride is ignored for np connections (commit c6f6ec4).
  • The --server-name flag wiring is included in cmd/sqlcmd/sqlcmd.go in the same commit.

Copilot AI reviewed Feb 3, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

shueybubbles
shueybubbles reviewed Feb 3, 2026
View reviewed changes
pkg/sqlcmd/sqlcmd.go
targetPort: targetPort,
}
} else {
return localizer.Errorf("Server name override is not supported with the current authentication method")
Copy link
Collaborator

@shueybubbles shueybubbles Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

localizer.Errorf(

run build\build to generate localization files with the new strings

Copy link
Collaborator

@shueybubbles shueybubbles Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or maybe just go generate but I'm not sure

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shueybubbles shueybubbles shueybubbles left review comments

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@jimmystridh jimmystridh

@dlevy-msft-sql dlevy-msft-sql

Labels

connectivity enhancement New feature or request Size: S Small issue (less than one week effort)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Provide a way to specify target server hostname or specify username when authenticating with Azure AD CLI

3 participants

@jimmystridh @shueybubbles @dlevy-msft-sql