How to Set Up an SSH Bastion Host
Written by Aditi
Updated over a week ago

Part 1: Creating a Bastion Host

  1. Choose a Cloud Provider: Select your preferred cloud provider. If you don't have one, AWS offers a reliable free tier option to get started.

  2. Launch an Instance:

    • Navigate to your cloud provider's virtual machine creation service (e.g., AWS EC2, GCP GCE).

    • Choose a security-hardened operating system like Ubuntu or Amazon Linux.

  3. Configure Network Security:

    • Create a security group for the bastion host.

    • Allow inbound SSH access (TCP port 22) only from your trusted IP addresses and Locale's IP address, 35.185.77.86. Restrict all other traffic.

    • Assign the bastion host to the same VPC and subnet as the target database (if they are in the same cloud environment).

Part 2: SSH Connection to Bastion Host

💡 Public-key authentication is the recommended approach for the SSH Connection.

Locale offers two ways of connecting to the bastion host:

  1. Password Authentication:

    • Edit your sshd config file

    • Find the line PasswordAuthentication no and change it to PasswordAuthentication yes.

    • Save the changes and restart the SSH service: sudo systemctl restart sshd

  2. Public Key Authentication:

    • Copy the Locale SSH Key from the data source connection page.

    • Upload Locale's public key to the bastion host's ~/.ssh/authorized_keys file.
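
One way to carry out the public key step on the bastion, as an added example that is not Locale's own tooling: the hypothetical install_key helper validates the pasted key, fixes the permissions sshd checks, and pins the key to Locale's IP address from Part 1. The no-pty and forwarding options assume Locale uses the key only to tunnel to the database, not to open a shell.

```sh
# Added example, not Locale's own tooling. install_key is a hypothetical helper.
LOCALE_IP="35.185.77.86"   # Locale's IP address from Part 1
NL='
'

# install_key <public-key-line> [authorized_keys path]
# Returns 0 if the key is installed (or already present), 1 on bad input.
install_key() {
    key=$1
    file=${2:-$HOME/.ssh/authorized_keys}
    dir=$(dirname "$file")

    # Accept exactly one line: "<type> <base64> [comment]". Rejecting
    # newlines stops a pasted value from smuggling in a second entry.
    case $key in *"$NL"*) echo "refusing multi-line input" >&2; return 1 ;; esac
    ktype=${key%% *}
    rest=${key#* }
    blob=${rest%% *}
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key body" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored when the
    # directory or file is writable by anyone but the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Idempotent: do nothing if this key body is already listed.
    if grep -qF -- "$blob" "$file"; then
        return 0
    fi

    # from=            : key is accepted only from Locale's address
    # no-pty and others: assumption that the key is used for tunnelling only
    printf 'from="%s",no-pty,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$LOCALE_IP" "$key" >>"$file"
}
```

Run it as the bastion user Locale connects as, passing the key copied from the data source connection page as a single quoted argument.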
