Jump servers enable you to securely connect Tree Schema to your database. We highly encourage you to connect to your Data Store through a jump server where possible. The basic data flow for a jump server looks like this:
There are two main reasons why this is a more secure way to access your data:
You can enforce authentication to your data through an SSH key or password
You can limit the IPs (or CIDR blocks) that can access your Data Store. Instead of allowing access from all IP addresses, we will provide you with the one IP that Tree Schema will connect from
While it is not required that you use a jump server, when you do set up a jump server we require it to be secured via a password or an SSH key. We encrypt your password or SSH key (whichever is provided) using AWS KMS before saving it to ensure that your information is secure.
All users in the Admin and Owner groups can view and manage jump servers.
View Jump Servers
You can see all of your jump servers from the admin portal:
Add Jump Server
Before you add a jump server, note that we also provide a set of connection details that you may need to enable for Tree Schema to be able to establish an SSH connection with your Data Store. The information contains the IP address (CIDR block) that the traffic will be coming from as well as the specific port and protocol required. This is the only IP we will ever use to connect to your Data Store.
The example below shows the IP / CIDR 0.0.0.0/32 but the live app will contain a valid IP.
To add a jump server, select Add Jump Server to bring up the new jump server details:
The following fields are required:
Jump server name: a logical name to use when referring to the jump server throughout Tree Schema
Hostname or IP: this must be a publicly available IP address that Tree Schema can connect to
Username: the username to connect to the server with
In addition, one of the following fields must be provided:
Here is an example of a completed jump server:
In order to save a jump server the connection must be tested first. Select Test Connection once you have added all of the details. If everything goes right you will see this message:
If there is a problem connecting you will either see an error like this:
Debugging Jump Server Errors
If we can capture the specific reason why the connection could not occur we will raise that error and present it to you. Otherwise you may see this generic error:
Could not establish session to SSH gateway
This error just means the connection could not be established. Here are a few things to check in case this happens:
The host or IP address is correct
The username is correct
The password or SSH key is correct
Your firewall rules allow incoming traffic on port 22 for the Tree Schema IP address provided
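The firewall check above, and the IP restriction described at the top of this page, can be verified together. The following is an added example, not Tree Schema's own code: it audits a constructed list of ingress rules in a hypothetical dictionary format, and `203.0.113.10/32` is a placeholder for the CIDR shown in the app.

```python
import ipaddress

# Placeholder from the documentation range; use the CIDR shown in the Tree Schema app.
TREE_SCHEMA_CIDR = "203.0.113.10/32"
SSH_PORT = 22

# Constructed sample ingress rules for a jump server (hypothetical format).
SAMPLE_RULES = [
    {"cidr": "203.0.113.10/32", "proto": "tcp", "from_port": 22, "to_port": 22},
    {"cidr": "0.0.0.0/0", "proto": "tcp", "from_port": 22, "to_port": 22},
    {"cidr": "198.51.100.0/24", "proto": "tcp", "from_port": 443, "to_port": 443},
    {"cidr": "10.0.0.0/8", "proto": "tcp", "from_port": 0, "to_port": 65535},
]


def audit_ssh_ingress(rules, allowed_cidr=TREE_SCHEMA_CIDR, port=SSH_PORT):
    """Return (reachable, findings) for inbound SSH on the jump server.

    reachable: True if some rule admits every address in allowed_cidr on `port`.
    findings:  rules that open `port` to addresses outside allowed_cidr.
    """
    allowed = ipaddress.ip_network(allowed_cidr)
    reachable = False
    findings = []
    for rule in rules:
        if rule["proto"] not in ("tcp", "all"):
            continue
        if not rule["from_port"] <= port <= rule["to_port"]:
            continue
        source = ipaddress.ip_network(rule["cidr"], strict=False)
        if source.version != allowed.version:
            findings.append(rule)  # opens SSH to an unrelated address family
            continue
        if allowed.subnet_of(source):
            reachable = True
        if not source.subnet_of(allowed):
            findings.append(rule)  # wider than, or disjoint from, the allowed CIDR
    return reachable, findings


if __name__ == "__main__":
    ok, extra = audit_ssh_ingress(SAMPLE_RULES)
    print("Tree Schema can reach port 22:", ok)
    for rule in extra:
        print("SSH also open to:", rule["cidr"])
```

A result of `reachable` false matches the generic connection error above; any findings are sources other than the Tree Schema IP that can reach SSH and should be reviewed.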
Connect to a Data Store with a Jump Host
To tunnel traffic through a jump host to your Data Store select the jump host when creating or updating your Data Store:
Make sure you test the connection before saving to ensure that the connection to the Data Store works!
Not all Data Stores are eligible to connect through a jump server. Some Data Stores, such as DynamoDB, only support direct connections to the database.