Secure Data Transfer with SSH Tunnelling
Secure Shell (SSH) is a cryptographic network protocol that establishes a secure channel in a client-server architecture. It enables the operation of network services over unsecured and thus potentially vulnerable networks, linking an SSH client application with an SSH server.
At Dataddo, we prioritize the security and reliability of data transfers. Our platform offers advanced users the capability to implement SSH tunneling, which guarantees the safe transport of data to a diverse range of data storage destinations, be they on-premises or cloud-based.
How to Set Up SSH Tunnelling
Prerequisites
To set up SSH tunneling in Dataddo, ensure that:
- You have an SSH Bastion server (also known as a jump or gateway server) that can access your private network.
- The Bastion server accepts incoming SSH connections from Dataddo IPs.
You can refer to the architecture as illustrated in the schema below.
Authentication Using a Public/Private Key Pair
We recommend using a public and private key pair for authentication. While password-based authentication is an option, it's less secure and not recommended. As illustrated in the schema above, ensure that:
- The private key is provided to Dataddo, and
- The public key is uploaded to the SSH Bastion server.
Utilize an Existing Public/Private Key Pair
If you already have a public/private key pair, you can use it with Dataddo. To do this:
- Provide Dataddo with the private key.
- Ensure the public key is uploaded to your SSH Bastion Server.
To upload the private key to Dataddo:
- Go to the Security page and navigate to the Certificates tab.
- Click on Add Certificate.
- Name your certificate.
- For certificate type, select RSA Private Key.
- Upload your private key.
- Save your certificate.
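One way to prepare the two halves of the key pair on your side, shown as an added example rather than Dataddo's own tooling: it generates a dedicated RSA key and builds an `authorized_keys` entry for the bastion that permits only port forwarding to a single database endpoint from listed source addresses. The function names, the addresses (documentation ranges), the database endpoint and the sample public key are assumptions constructed for illustration; substitute the Dataddo IPs and your own values.

```shell
#!/bin/sh
# Added example. All names, addresses and the sample key are placeholders.

# Constructed (truncated, non-functional) public key used only as sample input.
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7constructed dataddo-tunnel'

# Generate a dedicated RSA key pair in PEM format at the given path.
# -N "" creates it without a passphrase (assumption: the key is used unattended).
# The private key is what gets uploaded as "RSA Private Key"; <path>.pub stays
# with you and goes to the bastion.
generate_tunnel_key() {
    key_path="$1"
    ssh-keygen -t rsa -b 4096 -m PEM -N "" -C "dataddo-tunnel" -f "$key_path"
}

# Build a restricted authorized_keys line for the tunnel account.
#   $1 = comma-separated allowed source IPs or CIDRs
#   $2 = the only forward target allowed, as host:port
#   $3 = public key line (contents of the .pub file)
build_authorized_keys_line() {
    sources="$1"; target="$2"; pubkey="$3"
    if [ -z "$sources" ]; then
        echo "at least one source address is required" >&2; return 1
    fi
    case "$target" in
        *:*) ;;
        *) echo "target must be host:port" >&2; return 1 ;;
    esac
    # Refuse anything that is not a public key line, e.g. a private key
    # pasted by mistake.
    case "$pubkey" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "input is not an OpenSSH public key line" >&2; return 1 ;;
    esac
    # restrict        : disables pty, agent/X11 forwarding and port forwarding
    # port-forwarding : re-enables forwarding only
    # permitopen      : forwarding may reach this one endpoint only
    # from            : key is accepted only from these source addresses
    printf 'restrict,port-forwarding,permitopen="%s",from="%s" %s\n' \
        "$target" "$sources" "$pubkey"
}

# Typical use on the bastion (not executed here):
#   generate_tunnel_key ./dataddo_tunnel
#   build_authorized_keys_line "203.0.113.10,203.0.113.11" "10.0.0.5:5432" \
#       "$(cat ./dataddo_tunnel.pub)" >> ~tunneluser/.ssh/authorized_keys
```

The `restrict` keyword requires OpenSSH 7.2 or later on the bastion.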
Generate a New Public/Private Key Pair
Alternatively, Dataddo can generate a public/private key pair for you. In this scenario, you only need to ensure that the public key is uploaded to your SSH Bastion Server. For this option, please contact us.
Configuring SSH Tunnel to Data Destination
Dataddo supports SSH tunneling for a variety of systems, including, but not limited to, Redshift, SQL Server, MySQL or Postgres.
To establish a connection via an SSH tunnel, follow these steps:
- Navigate to Authorizers and click on Authorize New Service to select a service or system of your choice (e.g. MySQL, Postgres, Redshift ...).
- Fill in the standard database connection details.
- Choose Yes for the Use SSH tunnel field.
- Input the necessary information for your SSH bastion server:
  - SSH Server IP or Hostname: Enter the public IP address or hostname of your SSH server. Ensure your firewall settings permit incoming connections from Dataddo IPs.
  - SSH Server Port: Specify the port for the SSH connection (the default is usually 22).
  - SSH Server Username: Provide the username for authentication.
  - SSH Server Password: Provide the password for authentication. For certificate-based authentication, leave the field empty and select your certificate instead.
  - Certificate: For certificate-based authentication, attach the appropriate certificate. Refer to this section if you need to upload or generate a certificate.