SSH Tunnels
If your database is in a private network or an additional layer of network encryption is needed, Omni can connect through an SSH tunnel. In this configuration, Omni establishes an encrypted connection to an SSH server on your network, and then uses SSH's Local Forwarding feature to route traffic through the SSH connection to the database in your network.
These are the steps to setup an SSH connection with Omni:
- Setup the SSH server in your network
- Contact Omni support with the following information:
- The host, port and user to connect to your SSH server
- The host, port, and type of the database for Omni to connect to on the other side of the SSH tunnel (this should be a private IP address or DNS entry that resolves to one)
- Omni support will generate an authentication keypair and send you the public key to authorize on your SSH server
- Once this is complete, Omni support will confirm the SSH connection can be established and add the new database connection to your Omni instance.
SSH Server Setup
We recommend using the OpenSSH server, as it is the most widely used SSH server and is guaranteed to be compatible with the OpenSSH client we use to establish the connection. Most Linux distributions come with OpenSSH installed or easily installable through a package manager.
Your SSH server must be in a network that accepts traffic on the SSH port from Omni's outbound IP addresses, and be able to route traffic to the network that the database resides in. Additionally, the database's firewall must be configured to accept traffic from the SSH server.