An SSH tunnel connection allows SurveyAnalytica to securely access resources in your private network by establishing an encrypted SSH tunnel through a jump server (also known as a bastion host). This is commonly used when you need SurveyAnalytica to connect to internal databases, APIs, or services that are not directly reachable from the internet, but are accessible from a server that does have SSH exposed.
SSH tunnels are a lightweight alternative to VPN connections and are well-suited for connecting to individual services such as a database on a specific host and port.
Before configuring an SSH tunnel connection, ensure you have the following:
/etc/ssh/sshd_config) must allow AllowTcpForwarding yes.
10.0.1.50:5432).
SurveyAnalytica uses key-based authentication for SSH tunnels. Generate a dedicated key pair for this connection using the following command:
ssh-keygen -t ed25519 -C "surveyanalytica-tunnel"
When prompted:
~/.ssh/surveyanalytica_tunnel).
This generates two files:
surveyanalytica_tunnel — The private key (you will paste this into SurveyAnalytica).
surveyanalytica_tunnel.pub — The public key (you will install this on your jump server).
Note: We recommend Ed25519 keys for their strong security and compact size. RSA keys (4096-bit) are also supported.
The public key must be added to the authorized keys on your jump server. You can do this using ssh-copy-id:
ssh-copy-id -i ~/.ssh/surveyanalytica_tunnel.pub username@jump-server-host
Alternatively, manually append the public key to the authorized keys file:
cat ~/.ssh/surveyanalytica_tunnel.pub | ssh username@jump-server-host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Or, if you have direct access to the server, open ~/.ssh/authorized_keys on the jump server and paste the contents of the .pub file on a new line.
Verify the key works before proceeding:
ssh -i ~/.ssh/surveyanalytica_tunnel username@jump-server-host echo "Connection successful"
In SurveyAnalytica, navigate to Settings → Network Connections and click Add Connection. Select SSH Tunnel as the connection type.
Fill in the following fields:
| Field | Description | Example |
|---|---|---|
| Host | The public hostname or IP address of your jump server | bastion.example.com |
| Port | The SSH port on the jump server | 22 |
| Username | The SSH user account on the jump server | sa-tunnel |
| Private Key | Paste the contents of the private key file | Contents of surveyanalytica_tunnel |
| Field | Description | Example |
|---|---|---|
| Remote Host | The internal hostname or IP of the target resource (as seen from the jump server) | 10.0.1.50 |
| Remote Port | The port of the target service | 5432 |
Click Test Connection to verify that SurveyAnalytica can establish the tunnel and reach the target service. If successful, click Save.
When an integration or workflow needs to reach your internal resource, SurveyAnalytica:
sa-tunnel) on the jump server for SurveyAnalytica. Do not use root or shared accounts.
~/.ssh/authorized_keys before the key:
no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="10.0.1.50:5432" ssh-ed25519 AAAA... surveyanalytica-tunnel
This restricts the key to forwarding traffic only to the specified host and port.
/etc/ssh/sshd_config, ensure:
Match User sa-tunnel
PasswordAuthentication no
AllowTcpForwarding yes
PermitTunnel no
X11Forwarding no
~/.ssh/authorized_keys on the jump server.
~/.ssh should be 700, authorized_keys should be 600.
nc -zv 10.0.1.50 5432.
AllowTcpForwarding is set to yes in the SSH server configuration.
permitopen restriction (if used) includes the correct target host and port.
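The authorized_keys restrictions and the permitopen troubleshooting check described above can be verified on the jump server with a short script. This is an added example, not SurveyAnalytica's own tooling: the function names are hypothetical, and the key comment and target are taken from this page's examples.

```shell
# Added example: audit the tunnel key's entry in an authorized_keys file.
# Assumed from this page's examples: comment "surveyanalytica-tunnel" and
# target 10.0.1.50:5432. Function names are hypothetical.

# audit_line LINE TARGET: print each problem; return 0 only if none.
# TARGET is host:port in lower case (options are compared lower-cased).
audit_line() {
    line=$1; target=$2; rc=0
    # Options, if present, precede the key type (ssh-ed25519 or ssh-rsa).
    case $line in
        ssh-*) opts="" ;;
        *)     opts=${line%% ssh-*} ;;
    esac
    opts=$(printf '%s' "$opts" | tr '[:upper:]' '[:lower:]')
    for o in no-pty no-agent-forwarding no-x11-forwarding; do
        case ",$opts," in
            *",$o,"*) ;;
            *) echo "missing option: $o"; rc=1 ;;
        esac
    done
    # One permitopen must exist and every one must equal TARGET; with none,
    # the key may forward to any host and port the jump server can reach.
    opens=$(printf '%s\n' "$opts" | tr ',' '\n' |
            sed -n 's/^permitopen="\(.*\)"$/\1/p')
    [ -n "$opens" ] || { echo "no permitopen restriction"; rc=1; }
    for p in $opens; do
        [ "$p" = "$target" ] || { echo "unexpected permitopen: $p"; rc=1; }
    done
    return $rc
}

# audit_file FILE TARGET COMMENT: audit each key line ending in COMMENT.
audit_file() {
    found=0; bad=0
    while IFS= read -r l; do
        case $l in
            \#*) ;;  # comment line in authorized_keys
            *" $3") found=1; audit_line "$l" "$2" || bad=1 ;;
        esac
    done < "$1"
    [ "$found" -eq 1 ] || { echo "no key with comment $3"; bad=1; }
    return $bad
}

# Constructed entries; the key material is a placeholder, not a real key.
GOOD='no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="10.0.1.50:5432" ssh-ed25519 AAAAplaceholder surveyanalytica-tunnel'
WIDE='no-pty,permitopen="10.0.1.50:5432",permitopen="10.0.1.51:22" ssh-ed25519 AAAAplaceholder surveyanalytica-tunnel'
audit_line "$GOOD" 10.0.1.50:5432 && echo "GOOD entry passes"
audit_line "$WIDE" 10.0.1.50:5432 || echo "WIDE entry fails"
```

On the jump server, source the functions and run `audit_file ~/.ssh/authorized_keys 10.0.1.50:5432 surveyanalytica-tunnel` as the tunnel user, substituting your own target host and port.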