SSH Tunneling
Connect to MongoDB databases through SSH tunnels.
Overview
SSH tunneling allows you to securely connect to MongoDB databases that aren't directly accessible from your machine. This is common when databases are behind firewalls or in private networks.
When to Use SSH Tunneling
- Database is in a private subnet
- Firewall blocks direct connections
- Company security policy requires tunneling
- Connecting to cloud VMs without public MongoDB access
How It Works
Sutido establishes an SSH connection to a jump host (bastion server) that has access to your MongoDB server. Traffic is then forwarded through this encrypted tunnel:
Your Computer → SSH Tunnel → Jump Host → MongoDB Server
Configuring SSH Tunneling
1. Enable SSH Tunnel
When creating or editing a connection, enable the SSH tunnel option.
2. SSH Server Settings
| Setting | Description |
|---|---|
| SSH Host | Hostname or IP of your SSH server (jump host) |
| SSH Port | SSH port (default: 22) |
| SSH Username | Your SSH username |
3. Authentication Method
Password Authentication
Enter your SSH password. The password is stored securely in your operating system's keychain.
Private Key Authentication
For key-based authentication:
- Private Key File: Path to your private key (e.g., ~/.ssh/id_rsa)
- Passphrase: If your key is encrypted, provide the passphrase
Security Note: Key passphrases are stored in your system's secure keychain, not in plain text.
SSH Key Formats
Sutido supports common private key formats:
- OpenSSH format (default on modern systems)
- PEM format
- RSA keys
- ED25519 keys
Example Configurations
AWS EC2 Instance
SSH Host: ec2-xx-xx-xx-xx.compute-1.amazonaws.com
SSH Port: 22
SSH Username: ec2-user
Private Key: /path/to/your-key.pem
MongoDB Host: 10.0.1.100
MongoDB Port: 27017
DigitalOcean Droplet
SSH Host: droplet.example.com
SSH Port: 22
SSH Username: root
Private Key: ~/.ssh/id_rsa
MongoDB Host: localhost
MongoDB Port: 27017
Note: When MongoDB is on the same machine as the SSH server, use localhost or 127.0.0.1 as the MongoDB host.
Connection Flow
- Sutido connects to the SSH server
- SSH tunnel is established (port forwarding)
- Local port is mapped to the remote MongoDB server
- MongoDB connection is made through the tunnel
- Keepalive packets maintain the connection (every 15 seconds)
Troubleshooting
Connection Refused
- Verify the SSH server is running and accessible
- Check that the SSH port is open in firewalls
- Confirm your SSH credentials are correct
Permission Denied (publickey)
- Verify the private key file path is correct
- Check that the key has proper permissions (chmod 600)
- Ensure your public key is in the server's authorized_keys
Connection Timeout
- Check network connectivity to the SSH server
- Verify the MongoDB host is correct from the SSH server's perspective
- Ensure MongoDB is running on the target server
Host Key Verification
On first connection to a new SSH server, the host key is verified. If you see a host key warning, ensure you're connecting to the correct server before proceeding.
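The connection flow and the key-permission and host-key checks above can be reproduced with the stock OpenSSH client to tell SSH-side failures from MongoDB-side ones. This is an added example, not Sutido's own code; bastion.example.com, the key path, local port 27018 and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: rebuild the tunnel by hand with OpenSSH for troubleshooting.
# Host names, key path and local port are placeholders, not Sutido defaults.

# Return 0 if the key has no group/other permission bits (e.g. 600 or 400),
# 1 if it is too open, 2 if the file is missing or cannot be inspected.
key_perms_ok() {
    local key="$1" mode
    [ -f "$key" ] || return 2
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key") || return 2
    case "$mode" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the ssh command that mirrors the connection flow:
# local port -> jump host -> MongoDB host as seen from the jump host.
tunnel_cmd() {
    local key="$1" user="$2" ssh_host="$3" ssh_port="$4"
    local mongo_host="$5" mongo_port="$6" local_port="$7"
    printf 'ssh -N -i %s -p %s' "$key" "$ssh_port"
    # Refuse unknown or changed host keys; verify and add the key to known_hosts first.
    printf ' -o StrictHostKeyChecking=yes'
    # Exit instead of running without a forward if the local port is taken.
    printf ' -o ExitOnForwardFailure=yes'
    # Same 15-second keepalive interval as in the connection flow.
    printf ' -o ServerAliveInterval=15'
    # Bind to loopback only so the forwarded port is not reachable from the LAN.
    printf ' -L 127.0.0.1:%s:%s:%s' "$local_port" "$mongo_host" "$mongo_port"
    printf ' %s@%s\n' "$user" "$ssh_host"
}

# Demo with constructed values; nothing is executed, the command is only printed.
KEY="${KEY:-$HOME/.ssh/id_ed25519}"
if key_perms_ok "$KEY"; then
    tunnel_cmd "$KEY" ec2-user bastion.example.com 22 10.0.1.100 27017 27018
else
    echo "key missing or readable by group/others: $KEY (chmod 600)" >&2
fi
```

If the printed command connects and a MongoDB client reaches 127.0.0.1:27018, the SSH side is healthy and the problem lies in the connection settings entered in the application.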
Performance Considerations
SSH tunneling adds some latency to database operations. For better performance:
- Use a jump host geographically close to the database
- Consider using projection to limit data transfer
- Batch operations when possible
Next Steps
Learn about different authentication methods.