Connecting via SSH Tunnel
This page walks through the Secoda and Connecting via SSH integration that Secoda supports
Depending on how your environment is setup, the following may differ (but the general idea is the same). Tunnels require you to run
sshd
on a Bastion host accessible from the public internet. Our systems will open an SSH connection to your Bastion, then open a port forwarding connection to the private service that you specify. Ensure your Bastion host has whitelisted our NAT Gateway address: 35.175.75.15
On your Bastion host:
nano ~/.ssh/authorized_keys
Add the public key we provided you from the https://app.secoda.co/tunnels/new interface, do not use the following, it is just an example. On your Bastion host:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMRSB7sRm7HwEUC/TbvBtKKWLYgt1P8K+Xs5CyPqHVKqGbHThhx9HCqxqoVagGBIcdlImfJIBy0PuRKj9/H994o5Vxc5irQ/fpw1jx71sdSGA4Bgn38/qQaRyU7YS0PUZ7JC4otjKHP2k7vgC3/pYcR/A2g0fg/31lORjWqLjMsxrwQGbI6Mw56fwfqMXrAm/BZaK6nHUHRTZkdNgozENZQTYyptjv/vkpGgZoTAOeeY+UK0A30nOVB4Gv+3f0P/50K+CHQJO1t8SXJIJNs2h6qWPwiHLN9+2soWCu7ojH/a9keOSj+i/SDpu8calZl0qxaoFQwYbcXyH1X7Xr5MY2GTJyuzc4UatvNVJrSsAv/Wm+9jQLWNuGtdtoUUi6uTCukMxD10uvgNvGqoPfAWdUFVKbvRywWaPXd0FuaqeEt/I/sYEy2lP53Pf4DtAouCphmwHDVMaK4GEJwHwRAdJ34dR8oB4KDrz1mxjeopD/HN97hUa/O6fMy3oGY/XIZPVwivyGP3P7mIbmryIjGT15xVFr08cSY2h90P+/tWWAkkCVxcdn5vX3X7sqUFBDiPYQRPj5rpKgOgxoNTEzWWV8hkyXqSsO9mQmlkCMV0XndOwY64IoxBm8k+GKVI29ZzMrmpNLZi2L3SYA0oSgssORMghuyk8kfW9ZnUB5ptm+MQ== [[email protected]](<mailto:[email protected]>)
If you're having trouble establishing a connection with a standard tunnel, check the following:
- Check that the Secoda IP
35.175.75.15
is whitelisted on your Bastion host. - Check that the public key we provide you on tunnel creation is in their
~/.ssh/authorized_keys
file. - Check permissions on the user’s SSH files.
~/.ssh
directory should be0700
~/.ssh/authorized_keys
file should be0644
- Check that the Bastion host can network to your warehouse.
nc -z $warehouse_host $warehouse_port
- Check that you can use the bastion host from your personal machine. You will need to use your own private and public keys, not the public key from the above step. Replace the values where appropriate.ssh -L localhost:1111:<POSTGRES_URL_OR_IP>:5432 -i <PRIVATE_KEY_NAME>.pem <BASTION_USER>@<BASTION_IP> psql -h localhost -P 1111 -U secodapostgres
If all else fails, reach out to our team via Slack or Intercom.
Last modified 1yr ago