SSH Tunnels #
When your database is behind a bastion or jump host, SELECT can open an SSH tunnel to reach it.
Setup #
In the connection form, switch the connection mode to DSN + SSH tunnel. This reveals the SSH configuration fields:
| Field | Description |
|---|---|
| Host | Bastion/jump host hostname or IP (not the database host) |
| Port | SSH port, defaults to 22 |
| User | System user on the SSH host |
| Auth method | password or private_key |
| Password | SSH password (when auth method is password) |
| Private key | Full PEM key content (when auth method is private_key) |
The Host field refers to the SSH jump host, not the database. The database host goes in the DSN.
How it works #
SELECT opens a local port-forward through the SSH host to the database. The DSN connects to the forwarded local port transparently.
Connections are pooled and kept alive to avoid re-establishing tunnels on every query. If the tunnel drops, SELECT detects it via keepalive and reconnects on the next query.