
Configuring Reverse SSH tunnel

info

Reverse SSH Tunnel is available to users on the Pro Plus plan.

Reverse SSH (Secure Shell) tunneling lets you securely connect, from a remote location, to a device behind a firewall or NAT (Network Address Translation). You can set up a Reverse SSH Tunnel using Data Integration, which allows remote access to services on the local machine.

  • Customer connectivity account (local machine): Data Integration provides customers a dedicated VPN within a dedicated account, designed to actively listen on a specified port for incoming SSH connections.

  • Client network (remote machine):

    • The Client Network runs the SSH protocol to establish a connection with the Customer Connectivity Account provided by Data Integration.
    • The connection is initiated from the Client Network to the Customer Connectivity Account, which is why it is called "Reverse" SSH.
  • Tunnel establishment:

    • Once the SSH connection is established, a secure tunnel is created between the Client Network and the Customer Connectivity Account.
    • This tunnel lets traffic flow securely.
  • Bridging the Data Integration workers account and customer connectivity: The Data Integration Workers Account establishes a link with the Customer Connectivity Account, letting services operating within the Customer Connectivity Account be accessed by the Client Network as if they were running locally.

[Figure: Reverse SSH Tunnel diagram (LB = Load Balancer)]

Prerequisites

  • The client’s Reverse SSH host (the machine initiating the tunnel) must have outbound internet access to the Data Integration Reverse SSH endpoint for the tunnel to establish successfully.
  • Internal database hostname and port
  • Your SSH keys (Refer to step 1).
  • Public IP address (CIDR notation) of your SSH bastion host or proxy server.

Procedure

note

Make sure to execute all instructions within a Linux environment.

Step 1 - Generating SSH public key

  • On your SSH host, generate an SSH key pair.
  • Make a note of the key path you need for the setup.
  • Do not enter a password for the key file.
   ssh-keygen
  • View the contents of the public key:
   cat ~/.ssh/id_rsa.pub
  • Go to Data Integration and create an SSH key pair.
  • Submit a support ticket to the Data Integration Support team, attaching both SSH keys.

Step 2 - Information Data Integration provides:

After the setup is complete on the Data Integration side, Data Integration provides you with the following information:

  • Username for the SSH tunnel user (for instance, "data integration").
  • Reverse SSH IP address.
  • SSH high port (distinct for each connector instance, not a reserved port number).
note

To set the SSH high port number, you must include a single digit, typically 1, as a prefix to the source database port. For instance, when connecting to MySQL with a default port of 3306, it is recommended to use port 13306 for the SSH high port of your initial MySQL connector, port 23306 for the second connector, and so forth.

  • Internal IP address or name of the local database host machine.
  • Internal open port for communication with the database host.

Step 3 - Run the script

Replace the placeholder variables in the following script and run it on the SSH host in a single line:

autossh -M 0 -f -N -R <SSH_HIGH_PORT>:<PRIVATE_DB_MACHINE_NAME_OR_IP>:<PRIVATE_DB_MACHINE_PORT> rivery@<Rivery_SUPPLIED_IP> -g -i <PATH_TO_PRIVATE_KEY> -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null

note

  • You can track the progress by removing the -f flag and adding the -v flag for verbose logging.
  • If you reuse the autossh script for the same SSH high port, terminate the original script before proceeding.
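
The Step 3 command sets StrictHostKeyChecking=no and UserKnownHostsFile=/dev/null, so the SSH client does not verify the endpoint's host key before opening the tunnel. The script below is an added example, not Data Integration's own code: it prints the same command with host key verification turned on against a pinned known_hosts file, and first checks the SSH high port against the prefix convention from Step 2, including the 65535 limit. The function names, the known_hosts path and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and sample values are hypothetical.

# check_high_port HIGH_PORT DB_PORT
# Step 2 convention: one digit (1-9) prefixed to the database port.
# Also rejects results above 65535, which the convention can produce.
check_high_port() {
    case "$2" in
        ''|*[!0-9]*) echo "database port '$2' is not numeric" >&2; return 1 ;;
    esac
    case "$1" in
        [1-9]"$2") ;;
        *) echo "high port '$1' is not <digit>$2" >&2; return 1 ;;
    esac
    [ "$1" -le 65535 ] || { echo "high port $1 exceeds 65535" >&2; return 1; }
}

# build_tunnel_cmd HIGH_PORT DB_HOST DB_PORT SSH_USER SSH_IP KEY_PATH KNOWN_HOSTS
# Prints the Step 3 command with host key verification enabled.
# KNOWN_HOSTS must already hold the endpoint's host key, for example collected
# with ssh-keyscan and compared (ssh-keygen -lf) against a fingerprint obtained
# from the provider out of band. Arguments are assumed to contain no whitespace.
build_tunnel_cmd() {
    check_high_port "$1" "$3" || return 1
    printf 'autossh -M 0 -f -N -R %s:%s:%s %s@%s -g -i %s' \
        "$1" "$2" "$3" "$4" "$5" "$6"
    printf ' -o ServerAliveInterval=10 -o ServerAliveCountMax=1'
    printf ' -o ExitOnForwardFailure=yes'
    printf ' -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s\n' "$7"
}

# Constructed sample values; 203.0.113.10 is a documentation-only address.
build_tunnel_cmd 13306 db.internal 3306 rivery 203.0.113.10 \
    "$HOME/.ssh/id_rsa" "$HOME/.ssh/known_hosts_tunnel"
```

With verification on, autossh fails to connect instead of silently accepting a different server if the endpoint's host key ever changes.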

Step 4 - Setting up Data Integration database

After successfully establishing the Reverse SSH connection, enter the details into the Data Integration setup form for your database:

| No. | Field | Value | Description |
|---|---|---|---|
| 1 | Host | 127.0.0.1 | Lets your SSH host handle port routing |
| 2 | Port | { SSH high port } | For example, 13306. The port that your SSH host will translate |
| 3 | Database | { Database name } | The name of the database you want to replicate |
| 4 | User | { Database user } | The user account for accessing the database |
| 5 | Password | { Database user's password } | The password associated with the database user |
| 6 | SSH Tunnel Toggle | True | When set to true, all SSH fields become visible |
| 7 | SSH Port | 22 | The port number for the SSH connection |
| 8 | SSH Hostname | { IP Address } | Supplied by Data Integration |
| 9 | SSH User | Data Integration | The user account used for the SSH connection |
| 10 | SSH Tunnel - Auto Generated | Key Pair Name | Select the name of the auto-generated key pair that you have previously set up (for example, "Test") |

note

Replace the placeholder variables with the corresponding values obtained during the setup process.
