Learn how to configure an SSH tunnel to your SQL data sources.
What is SSH Tunneling?
SSH tunneling allows users to securely access internal network resources by creating an encrypted connection. When using a bastion host, the process works like this:
The Bastion Host (aka SSH Server) as a Gateway:
The bastion host serves as a secure, controlled entry point to the private network.
It routes all traffic through an encrypted connection, shielding internal systems from direct exposure to the public internet.
How Users Connect:
Users first establish an SSH connection to the bastion host.
They then use the SSH tunnel feature to forward connections to specific internal servers within the network.
This setup ensures secure access to private resources while maintaining network integrity and security.
Configure SSH tunneling
To securely connect your Glide app to your SQL database using SSH, you'll configure the app with connection details, copy its public key, and set up your SSH server to accept connections. Follow these steps to ensure a seamless and secure setup:
1. Configure your MySQL or PostgreSQL integration to connect to the SQL database through an SSH tunnel.
   a. Nickname - this is used within the Glide app. It can be whatever you'd like.
   b. Connection type - SSH (Secure Shell)
   c. Host - Internal IP address or hostname of the SQL server
   d. Port - MySQL default is 3306. PostgreSQL default is 5432.
   e. Database - the name of the SQL database
   f. SSH hostname - publicly accessible hostname or IP address of the SSH server
   g. SSH port - the port number of the SSH server
   h. SSH user - the username to connect to the SSH server
2. Click Copy public key to capture the public key in your clipboard. Paste this to a secure location for future reference. Each time Copy public key is clicked, a new key is generated.
3. Configure your SSH server to allow connections from Glide.
   a. Ensure it has a user account matching the one provided in the Glide app (step '1.h' above)
   b. Install the public key on your SSH server.
NOTE: Each Glide app has its own public key. A new key is generated each time Copy public key is clicked.
Example commands for creating a 'glide' user on your bastion host.
Ubuntu:
ec2-user@bastion:~$ sudo adduser glide --disabled-password
Adding user `glide' ...
Adding new group `glide' (1004) ...
Adding new user `glide' (1004) with group `glide' ...
Creating home directory `/home/glide' ...
Copying files from `/etc/s' ...
Changing the user information for glide
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
To authorize a Glide app to connect to the bastion host, add the contents of the public key from step two on a new line in /home/glide/.ssh/authorized_keys.
# Login as root
sudo su
# Create the .ssh directory and authorized_keys file if they do not exist yet
mkdir -p /home/glide/.ssh
touch /home/glide/.ssh/authorized_keys
# Use your favorite editor to add Glide's public key to the file
vim /home/glide/.ssh/authorized_keys
# Set permissions so only the owner can access the directory and the file
chmod 700 /home/glide/.ssh
chmod 600 /home/glide/.ssh/authorized_keys
# Change owner of the .ssh directory and authorized_keys file to glide
chown -R glide:glide /home/glide/.ssh
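
A scripted form of the key installation above that also limits the installed key to forwarding toward the database, as an added example that is not part of Glide's documentation. It assumes an OpenSSH server (7.2 or later, for the restrict option) and that the Glide connection needs only TCP forwarding to the SQL host and port; the function name and the sample host, port and file name are hypothetical.

```shell
#!/bin/sh
# Added example, not Glide's procedure. Usage (as root on the bastion):
#   install_tunnel_key /home/glide 10.0.0.5 5432 glide.pub glide
# 10.0.0.5:5432 and glide.pub are placeholders for your database and key file.
# The body runs in a subshell so umask and variables do not leak to the caller.
install_tunnel_key() (
    home=$1 db_host=$2 db_port=$3 keyfile=$4 owner=${5:-}
    auth="$home/.ssh/authorized_keys"
    fail() { echo "install_tunnel_key: $1" >&2; exit 1; }

    # The permitopen target is written inside quotes, so keep it strict.
    case $db_host in ''|*[!A-Za-z0-9._-]*) fail "bad database host" ;; esac
    case $db_port in ''|*[!0-9]*) fail "bad database port" ;; esac

    # Accept exactly one line of the form "<type> <base64> [comment]".
    [ "$(grep -c '' "$keyfile" 2>/dev/null)" = 1 ] || fail "expected one key line"
    read -r ktype kdata kcomment < "$keyfile" || true
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
        *) fail "unsupported key type" ;;
    esac
    case $kdata in ''|*[!A-Za-z0-9+/=]*) fail "key body is not base64" ;; esac

    umask 077
    mkdir -p "$home/.ssh" && touch "$auth" || fail "cannot create $auth"

    # restrict turns off PTY allocation, agent and X11 forwarding and all port
    # forwarding; port-forwarding turns TCP forwarding back on; permitopen
    # limits forwarded connections to the database endpoint.
    # Idempotent: a key body that is already installed is not appended again.
    if ! grep -qF -- " $kdata" "$auth"; then
        printf 'restrict,port-forwarding,permitopen="%s:%s" %s %s%s\n' \
            "$db_host" "$db_port" "$ktype" "$kdata" \
            "${kcomment:+ $kcomment}" >> "$auth"
    fi

    chmod 700 "$home/.ssh" && chmod 600 "$auth" || fail "chmod failed"
    # Ownership change needs root; skipped when no owner is given.
    [ -z "$owner" ] || chown -R "$owner:$owner" "$home/.ssh"
)
```

Because a new key is generated each time Copy public key is clicked, run it again with the newly copied key whenever that happens.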