1
Confirm Network Path
Your bastion host must reach the private database endpoint and port.
Private Network Access
Bastion Connection Guide
Use this guide when your datasource is behind a private network and direct public access is not allowed. Configure SSH tunneling securely for supported connectors.
Supported: PostgreSQLSupported: SQL ServerMySQL SSH: Not in current runtime path
Overview
The backend can establish a temporary local tunnel through a bastion host and route database traffic to private targets. Tunnels are opened for runtime operations and closed after use.
SSH Configuration Fields
| Field | Required | Description |
|---|---|---|
| useSshTunnel | Yes | Enable SSH-based bastion route. |
| sshHost | Yes | Bastion host DNS or IP. |
| sshPort | No | SSH port; defaults to 22. |
| sshUsername | Yes | SSH login username. |
| sshAuthMethod | No | password or privateKey. |
| sshPassword | Conditional | Required when password auth is used. |
| sshPrivateKey | Conditional | Required when private key auth is used. |
| sshPassphrase | No | Optional passphrase for encrypted private keys. |
Supported Connector Scope
- Postgres connector supports SSH tunnel fields.
- SQL Server connector supports SSH tunnel fields.
- MySQL SSH tunneling is not currently documented as active in this backend path.
Customer Setup Flow
2
Enter SSH Fields
Provide bastion host, username, and password/private key details in connection config.
3
Run Connection Test
Validate tunnel creation and datasource authentication before extraction.
4
Go Live
Start preview/extraction once connection test passes and monitor successful runs.
Troubleshooting Checklist
- Confirm backend network can reach bastion host and SSH port.
- Validate bastion can reach target database host and port.
- Check SSH auth method and credentials/key correctness.
- Increase connector timeout when private-network latency is high.
- Ensure DB-side firewall allows bastion source IP.
Keep all secrets out of static docs. Use placeholder values in examples.