Find out more about SSH Tunnels, in general, here.

Connecting via SSH Tunnels

To connect to your database via an SSH tunnel, you will need to provide these credentials in the “Security” section of the connection flow:

  • SSH Server Hostname

  • SSH Server Port

  • SSH Username

  • SSH Key

    • There are two options for SSH keys, External Private Key or Explo Private Key. See the section below for more information about which to use.
  • (optionally) SSH Local Bind Port

SSH Keys

Our recommendation between the two options is to use Explo’s Private Key.

Explo Private Key:

  • You’ll be able to copy our public key and add it to your infrastructure under your chosen username (we recommend explo). This would set up the connection such that you would not need to exchange any private keys.

External Private Key:

  • You’ll pass in your RSA private key to Explo to utilize in authenticating with the SSH box.

SSH Configuration Recommendations

Check your SSH box’s sshd config (it’s normally located in /etc/ssh/sshd_config). We recommend setting MaxSessions and MaxStartups to 100.

Setting Up an SSH Bastion (aka Jump Box or Jump Server)

  1. Create a new host with a public static IP that has inbound network access secured with your network’s and Explo’s egress IPs.
  2. Create a new user (explo, for instance) on that host with password login disabled and with an authorized_keys file that contains Explo’s public key. This key can be found when adding a data source with an SSH tunnel in Explo.
  3. Connect to your database in the Explo application by specifying the above public static IP and username as part of the SSH tunnel configuration, choosing the Explo Private Key authentication option.


Please reach out to the Explo team at [email protected] if you have any questions.