Configure database Connection with SSH tunnel In most cases, you want to configure the SSH bastion to accept inbound Connections only on the SSH port (typically 22) and only for the Etlworks Integrator instance public IP address. The bastion host is going to use the hostname specified on the ssh command line, so if it can’t resolve the name, the Connection will fail. Ensure that name resolution is working - both from the Etlworks Integrator instance to the bastion as well as from the bastion to the remote instances. You can use the same key for both the bastion host and the remote instances or different keys. Ensure you have public key authentication properly configured, both on the bastion host as well as the remote instances. This diagram illustrates the concept of using an SSH bastion host to provide access to on-premise databases running inside the corporate network behind the firewall. You can ask the Etlworks Integrator to generate a pair of keys for you.You can generate a pair of keys yourself and use the private key to configure the SSH tunnel.When it comes to generating keys, you have the following options: SSH public-key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (a key pair), one private and the other public. The use of public-key authentication isn’t required, but using it is highly advised. Any data transported between the Etlworks Integrator cloud instance and the remote server will go through the SSH first, be encrypted, and then pass securely to the other end. ![]() When you connect to a remote database instance, an SSH tunnel will link a port on the Etlworks Integrator cloud instance to a port on a remote host and encrypt that Connection. Using SSH Tunnel is a good security practice to prevent unwanted third parties from interfering with the connection and damaging the database. Databases may be configured to now allow direct access from remote servers for security reasons.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |