SSH Tunneling

SSH tunneling is used to access servers on private networks (those not publicly accessible to the internet). Internal allows you to SSH tunnel into the following data sources: PostgreSQL, MySQL, Microsoft SQL Server, and MongoDB.

Add a data source

In the Add Data Source screen, select your database, add in your connection details and check the “SSH tunneling” checkbox. A new section will appear for you to provide your bastion user, host, and port. At the bottom, you’ll also find your SSH public key for Internal.

Setting up your bastion host

First, create a user account for Internal. Below is a sample script for Ubuntu.

ec2-user@bastion:~$ sudo adduser internalio --disabled-password
Adding user `internalio' ...
Adding new group `internalio' (1003) ...
Adding new user `internalio' (1003) with group `internalio' ...
Creating home directory `/home/internalio' ...
Copying files from `/etc/skel' ...
Changing the user information for internalio
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] y


Next, edit the contents at the file /home/internalio/.ssh/authorized_keys to also include your SSH public key in a newline. Your SSH public key can be found below the bastion host and port input fields in your Internal account.

# Login as root
sudo su

# Create the authorized_keys file if it does not exist yet
mkdir -p /home/internalio/.ssh
touch /home/internalio/.ssh/authorized_keys

# Use your favorite editor to add Internal's public key to the file
vim /home/internalio/.ssh/authorized_keys

# Set permissions on the authorized_keys file
chmod 664 /home/internalio/.ssh/authorized_keys




The examples above uses internalio as the username but you can set any username.

Creating a new IAM user in AWS

See docs on AWS Configuration for detailed steps.