Learn how to configure an SSH tunnel to your SQL data sources.
Glide supports SSH tunneling for SQL data sources if they are hosted on a private network.
What is SSH Tunneling?
SSH tunneling allows users to securely access internal network resources by creating an encrypted connection. When using a bastion host, the process works like this:
The Bastion Host (aka SSH Server) as a Gateway:
The bastion host serves as a secure, controlled entry point to the private network.
It routes all traffic through an encrypted connection, shielding internal systems from direct exposure to the public internet.
How Users Connect:
Users first establish an SSH connection to the bastion host.
They then use the SSH tunnel feature to forward connections to specific internal servers within the network.
This setup ensures secure access to private resources while maintaining network integrity and security.
Configure SSH tunnelingโ
To securely connect your Glide app to your SQL database using SSH, you'll configure the app with connection details, copy its public key, and set up your SSH server to accept connections. Follow these steps to ensure a seamless and secure setup:
Configure your Glide app to use SSH and download the public key.
Nickname - this is used within the Glide app. It can be whatever you'd like.
Connection type - SSH (Secure Shell)
Host - localhost
Port 3306
Database - the name of your SQL database
SSH hostname - the hostname or IP address of your SSH server
SSH port - the port number of the SSH server
SSH user - the username to connect to the SSH server
Click Copy public key to capture the public key in your clipboard.
Configure your SSH server to allow connections from Glide.
Ensure it has a user account matching the one provided in the Glide app (step 'h' above)
Install the public key on your SSH server.
NOTE: Each Glide app has its own public key.
Example commands for creating a 'glide' user on your bastion host.
Ubuntu:
ec2-user@bastion:~$ sudo adduser glide --disabled-password
Adding user `glide' ...
Adding new group `glide' (1004) ...
Adding new user `glide' (1004) with group `glide' ...
Creating home directory `/home/glide' ...
Copying files from `/etc/s' ...
Changing the user information for glide
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
To authorize a Glide app to connect to the bastion host, add the contents of the public key from step two on a new line in /home/glide/.ssh/authorized_keys.
# Login as root
sudo su
# Create the authorized_keys file if it does not exist yet
mkdir -p /home/glide/.ssh
touch /home/glide/.ssh/authorized_keys
# Use your favorite editor to add Glide's public key to the file
vim /home/glide/.ssh/authorized_keys
# Set permissions on the authorized_keys file
chmod 644 /home/glide/.ssh/authorized_keys
# Change owner of authorized_keys file to Glide
chown glide:glide /home/glide/.ssh/authorized_keys