Share

Connecting Through Reverse SSH Tunnel

Hevo can connect to your database via a Reverse SSH Tunnel. This connection method is available only under a business plan. Reverse SSH tunneling or remote port forwarding helps you connect to a remote (and private) network without needing a public gateway.

Unlike SSH, in which you establish a secure connection with a remote system and can receive and send data, reverse SSH operates differently. Here, the remote system connects with your local system. You can set up a connection to the remote system using an SSH client, which is pre-installed on most Linux-based systems. Hevo fetches data from your database system using this connection. As the original connection was formed from the remote system to your local system, it is called a reverse SSH.

Note: You can verify that SSH is installed on your Linux-based system by entering the ssh -V command in a terminal window.

The following diagram illustrates the steps to connect your Source database through reverse SSH in Hevo. The steps are also described in detail in the sections below.

Reverse SSH Process Flow


Requesting a Reverse SSH Tunnel

To request a reverse SSH tunnel, contact Hevo either through the in-app support or by mailing us at support@hevodata.com with the SSH public key you wish to connect with.

Once Hevo gets your request it creates an SSH user for your team and allocates a set of ports that you can use to tunnel the traffic. Hevo provides you the following details that you can use to set up the reverse SSH tunnel and configure your Source:

  • ssh_host: The hostname of the SSH instance.

  • ssh_user: The username you would be using to connect to the SSH instance. This applies to your entire team.

  • a set of remote_forward_ports: A list of ports that Hevo allocates to you for tunneling the traffic. You can use one port for each DB host you want to fetch the data from.


Connecting to the SSH Instance

To connect the reverse SSH host, do one of the following:

  • Run the following command:

    ssh -f -N -R <REMOTE_FORWARD_PORT>:<DB_HOSTNAME_OR_IP>:<DB_PORT> <SSH_USER>@<SSH_HOST> -g -i <PATH_TO_PRIVATE_KEY> -o ServerAliveInterval=30 -o ServerAliveCountMax=1 -o ExitOnForwardFailure=yes
    

    Refer to the following table for the values of the variables.

    Configuration Description
    <REMOTE_FORWARD_PORT> Any port from the list of ports allocated by Hevo to tunnel the traffic.
    <DB_HOSTNAME_OR_IP> The hostname or IP address of the DB instance you want to connect to.
    <DB_PORT> The port your database is listening on.
    <SSH_USER>@<SSH_HOST> -g -i The SSH user name provided to you by Hevo.
    <SSH_HOST> The hostname of the SSH server provided to you by Hevo. This starts with the region your account is created in. For example, us-tunnel.hevodata.com.
    <PATH_TO_PRIVATE_KEY> -o The path to the SSH private key available with you.
    ServerAliveInterval The interval in seconds, at which the server checks the connection. For example, 30, to indicate 30 seconds.
    ServerAliveCountMax The maximum number of server-alive messages for which a response may not be received before ssh disconnects from the server and terminates the session. For example, 1.
  • Provide the settings using the SSH configuration file:

    1. Edit your SSH config file, normally found at the path, ~/.ssh/config.

    2. Add the following reverse SSH settings to the file:

      Host                    <SSH_HOST>
      user                    <SSH_USER>
      IdentityFile            <PATH_TO_PRIVATE_KEY>
      ServerAliveInterval     30
      ServerAliveCountMax     1
      ExitOnForwardFailure    yes
      
    3. Run the following command with the values of the variables as defined in the SSH config file. Specify the port number to be assigned to the database from the list provided by Hevo.

      ssh -f -N -R <REMOTE_FORWARD_PORT>:<DB_HOSTNAME_OR_IP>:<DB_PORT> <SSH_HOST> -g
      

      If you are using an SSH process manager, such as autossh, use the command:

      autossh -M 0 -f -N -R <REMOTE_FORWARD_PORT>:<DB_HOSTNAME_OR_IP>:<DB_PORT> <SSH_HOST> -g
      

This sets up the reverse SSH tunnel.


Connecting the Database to Hevo

While connecting the database to Hevo, for the Database Host specify the <SSH_HOST>, and for the Database Port, specify the <REMOTE_FORWARD_PORT>.

Reverse SSH settings

Example

Let us suppose that you are configuring a MySQL Source and have:

  • A MySQL server (can also be a private subnet), and

  • An internet gateway with an ssh client installed with the following configuration:

    • Host: mysql-server.my-org.com

    • Port: 3306

    • Username: mysql_server_user

    • Password: mysql_s3rv3r_p@@5w0rd

    • Private_key_path: /Users/my_user/.ssh/id_rsa

When you request for a reverse SSH tunnel, Hevo provides you the following details:

  • Host: us-tunnel.hevodata.com

  • Username: my_org_hevo_user

  • Ports: 1500, 1501, 1502, 1503, 1504, 1505, 1506, 1507, 1508, 1509

Based on these details:

  1. Connect to the reverse SSH tunnel by entering the following command on your terminal:

    ssh -f -N -R 1504:mysql-server.my-org.com:3306 my_org_hevo_user@region-tunnel.hevodata.com -g -i /Users/my_user/.ssh/id_rsa -o ServerAliveInterval=30 -o ServerAliveCountMax=1 -o ExitOnForwardFailure=yes
    
  2. As part of configuring MySQL as the Source in your Hevo Pipeline using reverse SSH tunnel, specify the settings as follows:

    Reverse SSH Example

    • Database Host: us-tunnel.hevodata.com

    • Database Port: 1504

    • Database User: mysql_server_user

    • Database Password: mysql_s3rv3r_p@@5w0rd


See Also

Last updated on Aug 28, 2024

Tell us what went wrong

Skip to the section