Overview
The backend can establish a temporary local tunnel through a bastion host and route database traffic to private targets. Tunnels are opened for runtime operations and closed after use — no persistent open connections are maintained.
SSH Configuration Fields
| Field | Required | Description |
|---|---|---|
| useSshTunnel | Yes | Enable SSH-based bastion route |
| sshHost | Yes | Bastion host DNS or IP |
| sshPort | No | SSH port; defaults to 22 |
| sshUsername | Yes | SSH login username |
| sshAuthMethod | No | password or privateKey |
| sshPassword | Conditional | Required when password auth is used |
| sshPrivateKey | Conditional | Required when private key auth is used |
| sshPassphrase | No | Optional passphrase for encrypted private keys |
Supported Connectors
PostgreSQLSupported
SQL ServerSupported
MySQLNot currently documented in this backend path
Setup Flow
- 1
Confirm Network Path
The bastion host must be able to reach the private database endpoint and port.
- 2
Enter SSH Fields
Provide the host, username, and either password or private key credentials in the connector setup form.
- 3
Run Connection Test
Validate the SSH tunnel and database authentication before saving the connector.
- 4
Go Live
Begin preview and extraction after a successful connection test.
Troubleshooting
- Confirm backend network connectivity to the bastion host and SSH port.
- Validate the bastion can reach the target database host and port.
- Check SSH authentication method and credential accuracy.
- Increase the connector timeout setting for high-latency scenarios.
- Ensure the database-side firewall allows the bastion source IP.
- Keep secrets out of static documentation — store only in workspace configuration.
Next: Return to Quickstart →