If you use a bastion server to access a postgresql, or any other sql database for that matter, you'll need
to create an ssh tunnel to access it. Some DB clients handle this automatically for you, but if you want to
interact with the database through the shell you'll need to create it yourself.
Put simply, a ssh tunnel is a way to redirect requests to a port on localhost to a remote server.
Before creating the tunnel, you will need to know three things: the bastion server's hostname, your username on the bastion server, and the sql server's hostname. You should also verify that you can ssh into the bastion server. To do this, run the follwing command and enter your password when prompted.
You can add your ssh key to the bastion server so that you don't have to type in your password every time you connect. To do so, use the following command:
Now that you know you can connect to the bastion server, open the tunnel like this:
ssh -L localhost:5433:<sql_server>:5432 <username>@<bastion_server>
You should see the standard bash prompt that came up when you directly logged into the bastion server.
Leave this window open to keep the tunnel open. Now when you connect to the port
you'll actually be talking to the sql server on port
To verify that your connection works, open a new terminal and execute:
psql --port=5433 --host=localhost -c "SELECT * FROM pg_catalog.pg_tables"
You should see a list of tables returned.
Okay, I forget the command to open a tunnel all the time. Plus it's a pain to have to look up the hostname of two servers every time you want to connect to the database. To simplify things, you can create a ssh config with all of the tunnel settings. Edit your
~/.ssh/config file and add the following entry:
Host bastion-production HostName <bastion_server> User <username> LocalForward localhost:5433 <sql_server>:5432
Now to create the tunnel, just run
ssh bastion-production and it will behave the same as the previous command.