# SSH Tunneling
You can connect Postgres, MySQL, MSSQL, MongoDB, and other databases that are hosted under a private network via SSH tunnels.
Follow the instruction below to configure SSH tunneling in UI Bakery:
1. Start by navigating to the data source connection window - choose your data source and select the **Enable SSH tunnel** checkbox.
{% hint style="success" %}
For already connected data sources, you just need to open their settings.
{% endhint %}
2. Now, you need to configure your *bastion host* to allow UI Bakery to establish an SSH tunnel:
1. Create a **UI Bakery user** (UI Bakery will connect to your bastion as this user):
```bash
# Use this command if you use Amazon Linux
sudo adduser uibakery --password NP
# Use this command if you use any other Linux/Mac
sudo adduser uibakery --disabled-password
```
2. Next, create the required `authorized_keys` file and configure its permissions:
# Login as root user
sudo su
# Create the authorized_keys file if it does not exist
mkdir -p /home/uibakery/.ssh
touch /home/uibakery/.ssh/authorized_keys
# Set required permissions and make uibakery user an owner of this file
chmod 644 /home/uibakery/.ssh/authorized_keys
chown uibakery:uibakery /home/uibakery/.ssh/authorized_keys
3. Now, go back to the data source connection window, copy the **SSH public key**, and paste it to the `authorized_keys` file:
```bash
# Use any text editor and insert previously copied ssh public key in authorized_keys file
vim /home/uibakery/.ssh/authorized_keys
```
{% hint style="info" %}
The same steps apply for on-premise deployments as well.
{% endhint %}
3. Once connected, return to UI Bakery and specify your **bastion host** and **port number** under the *Enable SSH tunnel* checkbox.
{% hint style="info" %}
Usually, *bastion host* is either the domain or IP address of the virtual machine and *port number* is the SSH port (22) of the server that holds the database.
{% endhint %}
4. Next, specify the **Bastion user** you created in Step 2 (a).
5. Finally, scroll up to the *Connection settings* section and specify all the required fields.
:information\_source: Please note that in the **Host** field you either need to specify:
* *localhost* (if the bastion and database are on the same virtual machine) or
* your *private network IP address* (if bastion and database are on different virtual machines with mutual access and the 3306 port is open)
6. Click **Test connection** to check whether the data source can be connected, and then click **Connect Datasource**.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.uibakery.io/concepts/data-sources/ssh-tunneling.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.