Connecting via SSH Tunnel
This page walks through the Secoda and Connecting via SSH integration that Secoda supports
Depending on how your environment is setup, the following may differ (but the general idea is the same). Tunnels require you to run
sshdon a Bastion host accessible from the public internet. Our systems will open an SSH connection to your Bastion, then open a port forwarding connection to the private service that you specify. Ensure your Bastion host has whitelisted our NAT Gateway address: 35.175.75.15On your Bastion host:
nano ~/.ssh/authorized_keys
Add the public key we provided you from the https://app.secoda.co/tunnels/new interface, do not use the following, it is just an example. On your Bastion host:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMRSB7sRm7HwEUC/TbvBtKKWLYgt1P8K+Xs5CyPqHVKqGbHThhx9HCqxqoVagGBIcdlImfJIBy0PuRKj9/H994o5Vxc5irQ/fpw1jx71sdSGA4Bgn38/qQaRyU7YS0PUZ7JC4otjKHP2k7vgC3/pYcR/A2g0fg/31lORjWqLjMsxrwQGbI6Mw56fwfqMXrAm/BZaK6nHUHRTZkdNgozENZQTYyptjv/vkpGgZoTAOeeY+UK0A30nOVB4Gv+3f0P/50K+CHQJO1t8SXJIJNs2h6qWPwiHLN9+2soWCu7ojH/a9keOSj+i/SDpu8calZl0qxaoFQwYbcXyH1X7Xr5MY2GTJyuzc4UatvNVJrSsAv/Wm+9jQLWNuGtdtoUUi6uTCukMxD10uvgNvGqoPfAWdUFVKbvRywWaPXd0FuaqeEt/I/sYEy2lP53Pf4DtAouCphmwHDVMaK4GEJwHwRAdJ34dR8oB4KDrz1mxjeopD/HN97hUa/O6fMy3oGY/XIZPVwivyGP3P7mIbmryIjGT15xVFr08cSY2h90P+/tWWAkkCVxcdn5vX3X7sqUFBDiPYQRPj5rpKgOgxoNTEzWWV8hkyXqSsO9mQmlkCMV0XndOwY64IoxBm8k+GKVI29ZzMrmpNLZi2L3SYA0oSgssORMghuyk8kfW9ZnUB5ptm+MQ== [[email protected]](<mailto:[email protected]>)
If you're having trouble establishing a connection with a standard tunnel, check the following:
- Check that the Secoda IP
35.175.75.15is whitelisted on your Bastion host. - Check that the public key we provide you on tunnel creation is in their
~/.ssh/authorized_keysfile. - Check permissions on the user’s SSH files.
~/.sshdirectory should be0700~/.ssh/authorized_keysfile should be0644
- Check that the Bastion host can network to your warehouse.
nc -z $warehouse_host $warehouse_port
- Check that you can use the bastion host from your personal machine. You will need to use your own private and public keys, not the public key from the above step. Replace the values where appropriate.ssh -L localhost:1111:<POSTGRES_URL_OR_IP>:5432 -i <PRIVATE_KEY_NAME>.pem <BASTION_USER>@<BASTION_IP> psql -h localhost -P 1111 -U secodapostgres
If all else fails, reach out to our team via Slack or Intercom.
Last modified 1yr ago