Hevo can connect to your database via a Reverse SSH Tunnel. This connection method is available only under a business plan. Reverse SSH tunneling or remote port forwarding helps you connect to a remote (and private) network without needing a public gateway.
Unlike SSH, in which you establish a secure connection with a remote system and can receive and send data, reverse SSH operates differently. Here, the remote system connects with your local system. You can set up a connection to the remote system using an SSH client, which is pre-installed on most Linux-based systems. Hevo fetches data from your database system using this connection. As the original connection was formed from the remote system to your local system, it is called a reverse SSH.
Note: You can verify that SSH is installed on your Linux-based system by entering the ssh -V command in a terminal window.
The following diagram illustrates the steps to connect your Source database through reverse SSH in Hevo. The steps are also described in detail in the sections below.
Requesting a Reverse SSH Tunnel
To request a reverse SSH tunnel, contact Hevo either through the in-app support or by mailing us at [email protected] with the SSH public key you wish to connect with.
Once Hevo gets your request it creates an SSH user for your team and allocates a set of ports that you can use to tunnel the traffic. Hevo provides you the following details that you can use to set up the reverse SSH tunnel and configure your Source:
-
ssh_host: The hostname of the SSH instance.
-
ssh_user: The username you would be using to connect to the SSH instance. This applies to your entire team.
-
a set of remote_forward_ports: A list of ports that Hevo allocates to you for tunneling the traffic. You can use one port for each DB host you want to fetch the data from.
Connecting to the SSH Instance
To connect the reverse SSH host, do one of the following:
-
Run the following command:
ssh -f -N -R <REMOTE_FORWARD_PORT>:<DB_HOSTNAME_OR_IP>:<DB_PORT> <SSH_USER>@<SSH_HOST> -g -i <PATH_TO_PRIVATE_KEY> -o ServerAliveInterval=30 -o ServerAliveCountMax=1 -o ExitOnForwardFailure=yesRefer to the following table for the values of the variables.
Configuration Description <REMOTE_FORWARD_PORT> Any port from the list of ports allocated by Hevo to tunnel the traffic. <DB_HOSTNAME_OR_IP> The hostname or IP address of the DB instance you want to connect to. <DB_PORT> The port your database is listening on. <SSH_USER>@<SSH_HOST> -g -i The SSH user name provided to you by Hevo. <SSH_HOST> The hostname of the SSH server provided to you by Hevo. This starts with the region your account is created in. For example, us-tunnel.hevodata.com. <PATH_TO_PRIVATE_KEY> -o The path to the SSH private key available with you. ServerAliveInterval The interval in seconds, at which the server checks the connection. For example, 30, to indicate 30 seconds. ServerAliveCountMax The maximum number of server-alive messages for which a response may not be received before ssh disconnects from the server and terminates the session. For example, 1. -
Provide the settings using the SSH configuration file:
-
Edit your SSH config file, normally found at the path,
~/.ssh/config. -
Add the following reverse SSH settings to the file:
Host <SSH_HOST>user <SSH_USER>IdentityFile <PATH_TO_PRIVATE_KEY>ServerAliveInterval 30ServerAliveCountMax 1ExitOnForwardFailure yes -
Run the following command with the values of the variables as defined in the SSH config file. Specify the port number to be assigned to the database from the list provided by Hevo.
ssh -f -N -R <REMOTE_FORWARD_PORT>:<DB_HOSTNAME_OR_IP>:<DB_PORT> <SSH_HOST> -gIf you are using an SSH process manager, such as autossh, use the command:
autossh -M 0 -f -N -R <REMOTE_FORWARD_PORT>:<DB_HOSTNAME_OR_IP>:<DB_PORT> <SSH_HOST> -g
-
This sets up the reverse SSH tunnel.
Connecting the Database to Hevo
While connecting the database to Hevo, for the Database Host specify the <SSH_HOST>, and for the Database Port, specify the <REMOTE_FORWARD_PORT>.
Example
Let us suppose that you are configuring a MySQL Source and have:
-
A MySQL server (can also be a private subnet), and
-
An internet gateway with an ssh client installed with the following configuration:
-
Host: mysql-server.my-org.com
-
Port: 3306
-
Username: mysql_server_user
-
Password: mysql_s3rv3r_p@@5w0rd
-
Private_key_path: /Users/my_user/.ssh/id_rsa
-
When you request for a reverse SSH tunnel, Hevo provides you the following details:
-
Host: us-tunnel.hevodata.com
-
Username: my_org_hevo_user
-
Ports: 1500, 1501, 1502, 1503, 1504, 1505, 1506, 1507, 1508, 1509
Based on these details:
-
Connect to the reverse SSH tunnel by entering the following command on your terminal:
ssh -f -N -R 1504:mysql-server.my-org.com:3306 [email protected] -g -i /Users/my_user/.ssh/id_rsa -o ServerAliveInterval=30 -o ServerAliveCountMax=1 -o ExitOnForwardFailure=yes -
As part of configuring MySQL as the Source in your Hevo Pipeline using reverse SSH tunnel, specify the settings as follows:
-
Database Host: us-tunnel.hevodata.com
-
Database Port: 1504
-
Database User: mysql_server_user
-
Database Password: mysql_s3rv3r_p@@5w0rd
-
See Also
-
Connecting Through SSH
-
Connecting Through VPN
-
Connecting to a Local Database
Revision History
Refer to the following table for the list of key updates made to this page:
| Date | Release | Description of Change |
|---|---|---|
| Apr-30-2024 | NA | - Updated the process flow diagram and removed sections Installing an SSH Client and Connecting to the SSH Instance in Windows using Putty. - Renamed section, Connecting to the SSH Instance Using CLI to Connecting to the SSH Instance. |
| Aug-10-2022 | NA | - Added sections, Installing an SSH Client and Connecting to the SSH Instance in Windows using Putty. - Renamed section, Connecting to the SSH Instance to Connecting to the SSH Instance Using CLI. |
| Oct-25-2021 | NA | Improved the content on the page for better guidance on using a reverse SSH tunnel. |
