...
| Excerpt | ||||
|---|---|---|---|---|
This section describes how to enable SSH tunneling between the
|
...
- Credentials are stored in a secure database table.
- Calls through the SSH tunnel happen with each API request to the platform. When the call has been satisfied, the connection is closed.
- For asynchronous calls to the database, the connection is not left open during the asynchronous execution of the request.
Limitations
...
...
This feature is not available for some connections.
- SSH key-pair must be generated in the legacy OpenSSH format. The new OpenSSH format is not supported. Instructions for generating the legacy format are provided below.
| Info |
|---|
NOTE: For security reasons, the port number in use for SSH tunneling is randomized when the connection is brokered. Connections where the port number is specified in the Connect String Options may need to be modified to use SSH tunneling. For more information, see "Host and port information in Connect String Options" below. |
| Info |
|---|
NOTE: This feature does not work, if In-VPC connectivity to the data service has been enabled in your project. For more information, see Dataprep In-VPC Execution. |
Prerequisites
- You must have credentials to access the SSH tunneling for each connection type.
- On each database server to which you using SSH tunneling to connect:
- You must whitelist
- the SSH host, so that the database server will receive connections from it.
- For additional security, you can limit access on the SSH host to only the IP address range for
D s item item Service
- , which prevents access to the database server through the SSH host for any system other than the
.D s platform r true - For more information, see Whitelist Platform Service.
Supported Connection Types
The following connection types support SSH Tunneling:
Connection Type | Credential Types | Documentation | ||
|---|---|---|---|---|
|
Configure
...
SSH Basic,SSH Key | ||||||
| SSH Basic,SSH Key | |||||
| SSH Basic,SSH Key | |||||
| SSH Basic,SSH Key | |||||
| SSH Basic,SSH Key | |||||
| SSH Basic,SSH Key | |||||
| SSH Basic,SSH Key | |||||
| SSH Basic,SSH Key |
Configure
You can enable the SSH tunneling check box and configure the advanced options.
| Info |
|---|
NOTE: SSH tunneling is enabled on a per-connection basis. If enabled for a connection type, the SSH options appear under the Advanced options in the connection window. |
...
| Code Block |
|---|
ssh-keygen -t rsa -m PEM |
Host and port information in Connect String Options
For security reasons, port and host information may be randomized as part of brokering the connection. If your Connect String Options for a specific connection reference port and host numbers, you must replace them with the following dynamic references:
| Info |
|---|
NOTE: Use of these references in the Connect String Options for an SSH-enabled connection is required. |
| Item | Reference |
|---|---|
| hostname | ${host} |
| port number | ${port} |
Example:
| Code Block |
|---|
(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = ${host})(PORT = ${port})))(CONNECT_DATA = (SERVICE_NAME = ORCL))) |
Use
When you have configured SSH tunneling properly, all users of the connection use the SSH configuration to access the targeted database.
...
When a connection is shared with credentials, the SSH authentication credentials are also shared. For more information, see Share a Connection.
| D s also | ||
|---|---|---|
|
