Skip to main content

Overview

SSH, or Secure Shell, is a protocol that allows you to connect to a server securely over an encrypted connection. We support SSH tunneling for the following data connectors:

Setup guide

To set up a connection with SSH tunneling, follow the setup guide for your desired data connector. During the connector setup:
  1. Select your connector from the data-connectors page.
  2. Choose SSH from the Mode dropdown.
  3. Enter your Connection Name, User, Password, Host, Port, and Database.
  4. Fill out the SSH tunnel information:
    • ssh_host: The hostname or IP address of your SSH jump server (the bastion or server you can SSH into).
    • ssh_port: Usually 22 unless your server uses a custom port.
    • ssh_username: The username you use to SSH into your server.
  5. Click Add Connection

SSH public key allowlisting

If your database requires SSH key-based access, go to data-connectors and copy the SSH Public Key at the bottom of the page.
Each Julius user has their own unique SSH public key. Be sure to allowlist the correct public key for the Julius user who will be connecting to your database.

Appendix: HAProxy bastion example

If your database sits on a private network and you need to expose it to Julius via a bastion host, here’s an example setup using a Debian VM with HAProxy. The same approach works on other distributions (adjust install commands) and other databases (adjust the port).
  1. Spin up an instance with a public IP that can reach the internal database.
  2. SSH into the instance and verify you can connect to the database. For Postgres: 
    sudo apt install postgresql-client
psql postgresql://[postgres user]@[postgres ip]:[postgres port]
# enter the postgres password when prompted
  3. Install HAProxy: 
    sudo apt install haproxy
  4. Replace /etc/haproxy/haproxy.cfg with the following, changing DB IP/HOSTNAME to your database’s IP or hostname: 
    global
    daemon
    log stdout local0
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy

defaults
    mode tcp
    log global
    option tcplog
    option dontlognull
    retries 3
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout check 10s

# Frontend - listens on port 5432
frontend postgres_frontend
    bind *:5432
    mode tcp
    default_backend postgres_backend

# Backend - forwards to your database server
backend postgres_backend
    mode tcp
    balance roundrobin
    option tcp-check
    tcp-check connect
    server db1 [DB IP/HOSTNAME]:5432 check
  5. Enable and start HAProxy: 
    sudo systemctl enable haproxy
sudo systemctl start haproxy
  6. Add a security rule allowing incoming traffic on port 5432 from the Julius IPs (listed at the bottom of julius.ai/data-connectors).
  7. Connect Julius to the public IP of your bastion — it will proxy to your database.