SSH Tunnel Setup

This document describes how to ingest data residing in a private network or when it is not possible to provide direct access to the datasource.

Connection Setting in the Sprinkle

• In the connection tab of the data sources, make Connect via SSH Host as yes then it will display the ssh connection details.

• Provide the SSH Host from which you want to create SSH tunnel (preferable is jump host or any other host from where the datasource is accessible)

• Copy the SSH public key and paste it into the ~/.ssh/authorized_keys file of the SSH user on the ssh host machine.

Networking rules from your end

• Make sure SSH Host has public IP

• Whitelist Sprinkle IPs (34.93.254.126, 34.93.106.136) in your SSH Host. SSH host should be able to accept traffic from these Sprinkle IPs.

• Make sure SSH port 22 is open.

• Make sure in /etc/ssh/sshd_config file, following is enabled. Incase you change these, restart the sshd service.

  • PubkeyAuthentication yes

  • PubkeyAcceptedKeyTypes=+ssh-rsa

Once this setting is completed you can try test-connection and if successful, you can ingest data.

Troubleshooting Connection Issues

If seeing unable to connect to SSH Host error

• Check the /var/log/auth.log file or /var/log/messages file in the SSH Host for authentication errors. If there are no logs, then sprinkle is unable to reach the ssh host. Make sure Networking is correctly setup as mentioned above.

• Make sure authorized_keys is correctly spelled and is placed in the right folder

• Make sure the public key is added correctly in authorized_keys file without any extra spaces

• Make sure you are using the correct login user name (user's home directory where you have created the ~/.ssh/authorized_keys file)

• Make sure .ssh folder and authorized_keys are owned by the SSH Login User. Otherwise run the following command by replacing <user> with the login user.

  • chown -R <user>:<user> ~/.ssh

• Make sure permission are correct

  • chmod 700 ~/.ssh

  • chmod 600 ~/.ssh/authorized_keys

• After fixing above issues, if still seeing connection failure, then check the /var/log/auth.log file in the SSH Host for connection errors.

• You may also check sshd configuration in /etc/ssh/sshd_config file. check the values of following parameters. After making changes, you will need to the restart the sshd service.

  • PubkeyAuthentication yes

  • PubkeyAcceptedKeyTypes=+ssh-rsa

Datasources allowing access via SSH

• MongoDB

• MySQL

• Oracle

• Postgres

• SQL Server