# SSH Tunneling

You can connect Postgres, MySQL, MSSQL, MongoDB, and other databases that are hosted under a private network via SSH tunnels.

Follow the instruction below to configure SSH tunneling in UI Bakery:

1. Start by navigating to the data source connection window - choose your data source and select the **Enable SSH tunnel** checkbox.

{% hint style="success" %}
For already connected data sources, you just need to open their settings.
{% endhint %}

<figure><img src="https://837703843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUX6zPRMFFK0yrTghj7cY%2Fuploads%2FCdzR6cyiNiWxoItKoOrm%2FCleanShot%202025-08-13%20at%2016.47.16%402x-min2.png?alt=media&#x26;token=f3129dc6-1550-4a32-b09a-a2d4cdb3509b" alt=""><figcaption></figcaption></figure>

2. Now, you need to configure your *bastion host* to allow UI Bakery to establish an SSH tunnel:
   1. Create a **UI Bakery user** (UI Bakery will connect to your bastion as this user):<br>

      ```bash
      # Use this command if you use Amazon Linux
      sudo adduser uibakery --password NP

      # Use this command if you use any other Linux/Mac
      sudo adduser uibakery --disabled-password
      ```
   2. Next, create the required `authorized_keys` file and configure its permissions:<br>

      <pre class="language-bash"><code class="lang-bash"># Login as root user
      <strong>sudo su
      </strong>
      # Create the authorized_keys file if it does not exist
      mkdir -p /home/uibakery/.ssh 
      touch /home/uibakery/.ssh/authorized_keys 

      # Set required permissions and make uibakery user an owner of this file
      chmod 644 /home/uibakery/.ssh/authorized_keys
      chown uibakery:uibakery /home/uibakery/.ssh/authorized_keys
      </code></pre>
   3. Now, go back to the data source connection window, copy the **SSH public key**, and paste it to the `authorized_keys` file:<br>

      ```bash
      # Use any text editor and insert previously copied ssh public key in authorized_keys file
      vim /home/uibakery/.ssh/authorized_keys
      ```

<figure><img src="https://837703843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUX6zPRMFFK0yrTghj7cY%2Fuploads%2FBHkOBHoaCdNwTGz7lBWk%2FCleanShot%202025-08-13%20at%2016.59.52%402x-min2.png?alt=media&#x26;token=6b940db5-49eb-492e-a253-e383055c8dc7" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
The same steps apply for on-premise deployments as well.
{% endhint %}

3. Once connected, return to UI Bakery and specify your **bastion host** and **port number** under the *Enable SSH tunnel* checkbox.

{% hint style="info" %}
Usually, *bastion host* is either the domain or IP address of the virtual machine and *port number* is the SSH port (22) of the server that holds the database.
{% endhint %}

4. Next, specify the **Bastion user** you created in Step 2 (a).

<figure><img src="https://837703843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUX6zPRMFFK0yrTghj7cY%2Fuploads%2FBY5NQvcxliHAkwarpg7Z%2FCleanShot%202025-08-13%20at%2017.15.54%402x-min2.png?alt=media&#x26;token=e9ace9df-8041-4d19-baa6-c1ae26599597" alt=""><figcaption></figcaption></figure>

5. Finally, scroll up to the *Connection settings* section and specify all the required fields.

<figure><img src="https://837703843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUX6zPRMFFK0yrTghj7cY%2Fuploads%2FhauJyhH16a6UKMJtYlAG%2FCleanShot%202025-08-13%20at%2017.34.28%402x-min.png?alt=media&#x26;token=cb8ad06c-7307-4021-98b6-8e5dc1730a8a" alt=""><figcaption></figcaption></figure>

:information\_source: <mark style="background-color:$info;">Please note that in the</mark> <mark style="background-color:$info;"></mark><mark style="background-color:$info;">**Host**</mark> <mark style="background-color:$info;"></mark><mark style="background-color:$info;">field you either need to specify:</mark>

* *<mark style="background-color:$info;">localhost</mark>* <mark style="background-color:$info;"></mark><mark style="background-color:$info;">(if the bastion and database are on the same virtual machine) or</mark>
* <mark style="background-color:$info;">your</mark> <mark style="background-color:$info;"></mark>*<mark style="background-color:$info;">private network IP address</mark>* <mark style="background-color:$info;"></mark><mark style="background-color:$info;">(if bastion and database are on different virtual machines with mutual access and the 3306 port is open)</mark>

6. Click **Test connection** to check whether the data source can be connected, and then click **Connect Datasource**.