Configure SSH Tunnel Connectivity

This section describes how to enable SSH tunneling between the Trifacta Application and your cloud-based database infrastructure. When this feature is enabled and properly configured, users connect to your databases through a more secure manner.

Security concerns:

Credentials are stored in a secure database table.
Calls through the SSH tunnel happen with each API request to the platform. When the call has been satisfied, the connection is closed.
- For asynchronous calls to the database, the connection is not left open during the asynchronous execution of the request.

Limitations

This feature is not available for some connections.
SSH key-pair must be generated in the legacy OpenSSH format. The new OpenSSH format is not supported. Instructions for generating the legacy format are provided below.

Note

For security reasons, the port number in use for SSH tunneling is randomized when the connection is brokered. Connections where the port number is specified in the Connect String Options may need to be modified to use SSH tunneling. For more information, see "Host and port information in Connect String Options" below.

Note

This feature does not work, if In-VPC connectivity to the data service has been enabled in your project. For more information, see Dataprep In-VPC Execution.

Prerequisites

You must have credentials to access the SSH tunneling for each connection type.
On each database server to which you using SSH tunneling to connect:
- You must whitelist the SSH host, so that the database server will receive connections from it.
- For additional security, you can limit access on the SSH host to only the IP address range for Alteryx Service, which prevents access to the database server through the SSH host for any system other than the Dataprep by Trifacta platform.
- For more information, see Whitelist Platform Service.

Supported Connection Types

The following connection types support SSH Tunneling:

Connection Type	Credential Types	Documentation
Alloy DB	SSH Basic,SSH Key	AlloyDB Connections
SQL Server on Google Cloud SQL	SSH Basic,SSH Key	Microsoft SQL Server Connections
MongoDB	SSH Basic,SSH Key	MongoDB Connections
MySQL	SSH Basic,SSH Key	MySQL Connections
Oracle Database	SSH Basic,SSH Key	Oracle Database Connections
PostgreSQL	SSH Basic,SSH Key	PostgreSQL Connections
Microsoft SQL Server	SSH Basic,SSH Key	Microsoft SQL Server Connections
Teradata	SSH Basic,SSH Key	Teradata Connections
SAP HANA	SSH Basic, SSH Key	SAP HANA Connections

Configure

You can enable the SSH tunneling check box and configure the advanced options.

Note

SSH tunneling is enabled on a per-connection basis. If enabled for a connection type, the SSH options appear under the Advanced options in the connection window.

These properties are available when you create the connection. After you have specified the connection including SSH tunneling options, you should test the connection.

For more information, see Create Connection Window.

Basic Properties

Property	Description
SSH tunneling host	If you are using SSH tunneling, please specify the SSH host for tunneling into your infrastructure.
Advanced Credential Type	Depending on the type, you must specify the properties for the credentials to use to connection. See sections below.

SSH Tunneling Basic

Property	Description
SSH Tunneling User Name	(optional) Username with which to authenticate to the SSH tunnel. In some environments, a username may be optional.
SSH Tunneling Password	Password for the username

Property

Description

SSH Tunneling User Name

(optional) Username with which to authenticate to the SSH tunnel.

In some environments, a username may be optional.

SSH Tunneling Password

Password for the username

SSH Tunneling with Key

Note

Use of an SSH key that requires a passphrase is not supported.

Property	Description
SSH Tunneling User Name	(optional) Username with which to authenticate to the SSH tunnel. In some environments, a username may be optional.
SSH Tunneling SSH Key	Key used to access the SSH tunnel. Note This key must be generated in legacy OpenSSH format. See below.

Property

Description

SSH Tunneling User Name

(optional) Username with which to authenticate to the SSH tunnel.

In some environments, a username may be optional.

SSH Tunneling SSH Key

Key used to access the SSH tunnel.

Note

This key must be generated in legacy OpenSSH format. See below.

Generate SSH key

Please use the following command to generate an SSH key from the node where the database server node:

ssh-keygen -t rsa -m PEM

Host and port information in Connect String Options

For security reasons, port and host information may be randomized as part of brokering the connection. If your Connect String Options for a specific connection reference port and host numbers, you must replace them with the following dynamic references:

Note

Use of these references in the Connect String Options for an SSH-enabled connection is required.

Item	Reference
hostname	`${host`}
port number	`${port`}

Example:

(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = ${host})(PORT = ${port})))(CONNECT_DATA = (SERVICE_NAME = ORCL)))

Use

When you have configured SSH tunneling properly, all users of the connection use the SSH configuration to access the targeted database.

In this section:

Configure SSH Tunnel Connectivity

Limitations

Prerequisites

Supported Connection Types

Configure

Basic Properties

SSH Tunneling Basic

SSH Tunneling with Key

Host and port information in Connect String Options

Use

Sharing

Search results