Connecting Through Reverse SSH Tunnel

Hevo can connect to your database via a Reverse SSH Tunnel. Reverse SSH tunnelling or remote port forwarding helps you connect to a remote (and private) network without needing a public gateway.

Requesting a Reverse SSH Tunnel

To request a Reverse SSH Tunnel, contact Hevo either through the in-app support or by mailing us at support@hevodata.com with the SSH public key you wish to connect with.

Once Hevo gets your request we will allocate an SSH user and a set of ports you can use to tunnel the traffic. In addition, Hevo provides you the following details in response to your request.

  • host: Hostname of the SSH instance.

  • username: The username you would be using to connect to the SSH instance.

  • ports: A list of ports that Hevo allocates to you for tunnelling the traffic. You can use one port for each DB host.

Connecting to the SSH Instance

Connect to the reverse SSH host with the following command:

ssh -f -N -R <REMOTE_FORWARD_PORT>:<DB_HOSTNAME_OR_IP>:<DB_PORT> <SSH_USER>@<SSH_HOST> -g -i <PATH_TO_PRIVATE_KEY> -o ServerAliveInterval=30 -o ServerAliveCountMax=1 -o ExitOnForwardFailure=yes

Refer below for the descriptions of the variables.

If you rather wish to use SSH config add the following in your SSH config file (~/.ssh/config):

Host <SSH_HOST>
    user                  <SSH_USER>
    IdentityFile          <PATH_TO_PRIVATE_KEY>
    ServerAliveInterval   30
    ServerAliveCountMax   1
    ExitOnForwardFailure  yes

and run the following command:

ssh -f -N -R <REMOTE_FORWARD_PORT>:<DB_HOSTNAME_OR_IP>:<DB_PORT> <SSH_HOST> -g

If you are using an SSH process manager, such as autossh, use the command:

autossh -M 0 -f -N -R <REMOTE_FORWARD_PORT>:<DB_HOSTNAME_OR_IP>:<DB_PORT> <SSH_HOST> -g

Description of Variables

  • REMOTE_FORWARD_PORT: Any port from the list of ports that is allocated to tunnel the traffic.

  • DB_HOSTNAME_OR_IP: The hostname or IP address of the DB instance you want to connect to.

  • DB_PORT: The port the database is listening on.

  • SSH_USER: The username provided to you by Hevo.

  • SSH_HOST: The hostname of the SSH server provided to you by Hevo.

  • PATH_TO_PRIVATE_KEY: The path to SSH private key.

Connecting the Database to Hevo

While connecting the database to Hevo, specify the hostname as SSH_HOST and the port as REMOTE_FORWARD_PORT.

Last updated on 28 Jun 2021