SSH Tunneling

SSH tunneling is used to access servers on private networks (those not publicly accessible to the internet). Internal allows you to SSH tunnel into the following data sources: MySQL, PostgreSQL, and MongoDB.

Setting up SSH Tunneling

Before you can connect a data source through SSH tunneling, you'll need to set up your bastion host to allow Internal to connect.

First, create a user account for Internal. Below is a sample script for Ubuntu:


ec2-user@bastion:~$ sudo adduser internalio --disabled-password
Adding user `internalio' ...
Adding new group `internalio' (1003) ...
Adding new user `internalio' (1003) with group `internalio' ...
Creating home directory `/home/internalio' ...
Copying files from `/etc/skel' ...
Changing the user information for internalio
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] y

Next, copy Internal's public key:


ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBPdjNY88HqIHSTUJy+n2op8uVloj6Q1ULCBusn3SIZL51uzWsmHchBg2s+yOh2IEeRTYjvIYk0ISMoutv6mmAHM6qZkXSZzmQ0JNekwKJvIBjpiQThj/lHaSMp8WLIp9SQ==

To allow Internal to connect to your host, you will now need to edit the contents at the file /home/internalio/.ssh/authorized_keys to also include the contents of this public key in a newline.


# Login as root
sudo su

# Create the authorized_keys file if it does not exist yet
mkdir -p /home/internalio/.ssh
touch /home/internalio/.ssh/authorized_keys

# Use your favorite editor to add Internal's public key to the file
vim /home/internalio/.ssh/authorized_keys

# Set permissions on the authorized_keys file
chmod 664 authorized_keys

Add a Data Source

Once the above steps have been taken, you'll be able to use the private ip address for your database within the connection form to Add A New Data Source. Note that you'll need to check the "SSH tunneling" checkbox and provide your bastion host and port within the connection details.