Secure Data Transfer with SSH Tunnelling in Dataddo

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server.

At Dataddo, we understand the critical importance of secure and reliable data transfers. Our platform provides the functionality for advanced users to set up SSH tunnelling, ensuring the secure transport of their data to various data storage destinations. Whether your storage solutions are on-premises or cloud-based, we've got you covered.

How to Set Up SSH Tunnelling in Dataddo

To setup SSH tunneling with Dataddo, make sure that there is a SSH Bastion server (aka jump or gateway server) with the accessibility to your private network. Also, ensure that the incoming SSH connection to this server is allowed from Dataddo IPs. The architecture is as described on the schema below.

Authentication via Public/Private Key Pair

The recommended approach for authentication is to use public and private keypair. It is also possible to use authentication via password, but this is not recommended. As described in the schema above, you need to make sure that Private Key is provided to Dataddo and Public Key is uploaded to the SSH Bastion Server.

Using existing Public/Private Key Pair

You can use the Public/Private Key Pair you already posses. In order to do so you need to upload the Private Key to Dataddo and make sure that Public Key is uploaded to your SSH Bastion Server.

Please follow these steps to upload a private key To Dataddo:

1. Click on top-right corner, select Security and tab Certificates.
2. Click on Add Certificate, select RSA Private Key and select the private key to upload.

Generating new Public/Private Key Pair

Other option is to let Dataddo generate Public/Private Key Pair for you. This this case you only need to ensure that Public Key is uploaded to your SSH Bastion Server.

Please contact us for this option.

Configuring SSH Tunnel to Data Destination

SSH tunnelling is available for many systems supported by Dataddo, including but not limited to Redshift, SQL Server, MySQL or Postgres.

Please follow these steps to set a connection via SSH Tunnel:

1. Navigate to Authorizers, click on Authorize New Service and select a service or system of your choice (e.g. MySQL, Postgres, Redshift ...).
2. Set Use SSH tunnel to Yes.
3. Besides standard DB connection details, fill in the credentials for your SSH bastion server.
   1. SSH Server IP or Hostname. A public IP or hostname of your SSH server. Make sure that the firewall is configured to allow incoming connections from Dataddo IPs.
   2. SSH Server Port. A port for SSH connection (standard is 22) on your server.
   3. SSH Server Username. Username for authentication.
   4. SSH Server Password. Password for authentication. Use only for password-based authentication. For certificate-based authentication, leave the field empty and provide certificate.
   5. Certificate. Certificate for certificate-based authentication. You can upload and generate certificate in Security settings.