Add a database connection using an SSH tunnel

---

Availability

  Users, Editors, and Admins

  All accounts

 All subscription plans

---

An SSH tunnel allows you to securely connect your database to Databox when direct access is restricted. By routing traffic through an encrypted channel, it prevents exposing your database to the public internet while still giving Databox the access it needs to collect and report your data.

Add a database connection using an SSH tunnel

Here’s how the process works:

1. Contact Databox Support

• Reach out via in-app chat or email at help@databox.com to request an SSH tunnel setup.
• The process will be initiated, and you’ll be guided through the next steps.

2. Databox generates the SSH keys

• Databox creates a new SSH key pair.
• The public key is shared with you securely.
• The private key is stored by Databox and never leaves the system.

3. You add the public key to your server

• Add the shared public key to the ~/.ssh/authorized_keys file for the SSH user dedicated to Databox.
• Make sure the SSH user is the owner of the installed key.
• Verify that the private key file has the correct permissions (chmod 400) so it can be used securely.
• Ensure this SSH user can reach the database host from the server.
• Open port 22 (SSH) in your firewall and whitelist Databox’s IP address: 52.4.198.118

4. You provide Databox with your database details

To complete the setup, you’ll need to share the following information with Databox:

• SSH server hostname or IP address – the server Databox will connect to
• SSH username – the account where the Databox public key was installed
• SSH port – usually 22, unless you’ve configured a custom port
• Database hostname or IP address – the internal address of your database (accessible from the SSH server)
• Database port – the port your database listens on (reachable from the SSH server)

5. Databox configures and verifies the tunnel

• Once you confirm the key has been added and details provided, Databox finalizes the tunnel configuration.
• Databox tests the connection through the tunnel.
• Databox will provide the host and port you should use when connecting the database in Databox using the regular connection steps.
• If successful, the setup is complete and your database is ready to sync securely.

Supported integrations and bastion option

Databox currently supports SSH tunnels for the following database integrations:

• MySQL
• PostgreSQL
• Microsoft SQL Server
• Amazon Redshift

If you are using a different database type, you can still connect through an SSH bastion host. In this setup, Databox connects to the bastion server, which then relays traffic securely to your database inside the private network.

For more background on bastion hosts, see:

• What is a Bastion Host? (GeeksforGeeks)
• Security best practices for SSH bastion hosts (Teleport)

Frequently Asked Questions

Can I reuse the same SSH user for multiple databases?

Yes, as long as the SSH user can reach all necessary databases, you can use the same account.

Do I need to generate my own SSH keys?

No. Databox generates the keys for you and shares only the public key for installation on your server.

What happens if I remove the public key from my server or change connection details?

If the public key is removed from your server, Databox will no longer be able to authenticate through the SSH tunnel, and the connection will stop working until the key is reinstalled.

Any changes to your SSH or database configuration (such as credentials, hostnames, or ports) will also cause the tunnel to stop working. In these cases, you must share the updated information with Databox so the tunnel configuration can be adjusted.

Still need help?

Visit our community, send us an email, or start a chat in Databox.