Connecting to Data Sources
SSH Tunnels
Connecting to Data Sources
SSH Tunnels
Intro
Find out more about SSH Tunnels, in general, here.
Connecting via SSH Tunnels
To connect to your database via an SSH tunnel, you will need to provide these credentials in the “Security” section of the connection flow:
-
SSH Server Hostname
-
SSH Server Port
-
SSH Username
-
SSH Key
- There are two options for SSH keys,
External Private KeyorExplo Private Key. See the section below for more information about which to use.
- There are two options for SSH keys,
-
(optionally) SSH Local Bind Port
SSH Keys
Our recommendation between the two options is to use Explo’s Private Key.
Explo Private Key:
- You’ll be able to copy our public key and add it to your infrastructure under your chosen username (we recommend
explo). This would set up the connection such that you would not need to exchange any private keys.
External Private Key:
- You’ll pass in your RSA private key to Explo to utilize in authenticating with the SSH box.
SSH Configuration Recommendations
Check your SSH box’s sshd config (it’s normally located in
/etc/ssh/sshd_config). We recommend setting MaxSessions and MaxStartups
to 100.
Setting Up an SSH Bastion (aka Jump Box or Jump Server)
- Create a new host with a public static IP that has inbound network access secured with your network’s and Explo’s egress IPs.
- Create a new user (
explo, for instance) on that host with password login disabled and with anauthorized_keysfile that contains Explo’s public key. This key can be found when adding a data source with an SSH tunnel in Explo. - Connect to your database in the Explo application by specifying the above public static IP and username as part of the SSH tunnel configuration, choosing the Explo Private Key authentication option.
Questions?
Please reach out to the Explo team at [email protected] if you have any questions.