Secure Data Transfer with SSH Tunnelling

Secure Shell (SSH) is a cryptographic network protocol that establishes a secure channel in a client-server architecture. It enables the operation of network services over unsecured and thus potentially vulnerable networks, linking an SSH client application with an SSH server.

At Dataddo, we prioritize the security and reliability of data transfers. Our platform offers advanced users the capability to implement SSH tunneling, which guarantees the safe transport of data to a diverse range of data storage destinations, be they on-premises or cloud-based.

Prerequisites

You can refer to the architecture as illustrated in the schema below.

Authentication Using a Public/Private Key Pair

We recommend using a public and private key pair for authentication. While password-based authentication is an option, it's less secure and not recommended. As illustrated in the schema above, ensure

• The private key is provided to Dataddo, and
• The public key is uploaded to the SSH Bastion server.

Utilize an Existing Public/Private Key Pair

If you already have a public/private key pair, you can use it with Dataddo. To do this:

1. Provide Dataddo with the private key.
2. Ensure the public key is uploaded to your SSH Bastion Server.

To upload the private key to Dataddo:

1. Go to the Security page and navigate to the Certificates tab.
2. Click on Add Certificate.
   1. Name your certificate.
   2. For certificate type, select RSA Private Key
   3. Upload your private key.
3. Save your certificate.

Generate a New Private/Public Key Pair in Dataddo

Alternatively, Dataddo can generate a public/private key pair for you. In this scenario, you only need to ensure that the public key is uploaded to your SSH Bastion Server.

1. In Dataddo, navigate to the Security page.
2. Switch to the Certificates tab and click on New Certificate.
3. On the default Generate Certificate tab
   1. Name your private/public key pair,
   2. Select the appropriate private key bits,
   3. Click on Generate.
4. Copy the generated public key and upload it to your SSH Bastion Server. The key can be displayed only once.

Configuring SSH Tunnel to Data Destination

Dataddo supports SSH tunneling for a variety of systems, including, but not limited to, Redshift, SQL Server, MySQL or Postgres.

To establish a connection via an SSH tunnel, follow these steps:

1. Navigate to Authorizers and click on Authorize New Service to select a service or system of your choice (e.g. MySQL, Postgres, Redshift ...).
2. Fill in the standard database connection details.
3. Choose Yes for the Use SSH tunnel field.
4. Input the necessary information for your SSH bastion server:
   1. SSH Server IP or Hostname: Enter the public IP address or hostname of your SSH server. Ensure your firewall settings permit incoming connections from Dataddo IPs.
   2. SSH Server Port: Specify the port for the SSH connection (the default is usually 22).
   3. SSH Server Username: Provide the username for authentication.
   4. SSH Server Password: Provide the password for authentication. For certificate-based authentication, leave the field empty and select your certificate instead.
   5. Certificate: For certificate-based authentication, attach the appropriate certificate. Refer to this section, if you need to upload or generate a certificate.