Prerequisites
Software installation
-
OpenSSH
-
For MS Windows OS, please see Get started with OpenSSH for Windows
-
For Linux base OS. e.g Ubuntu, MacOS. OpenSSH is already available by default.
-
Connection information
The user will need the following pieces of information prior to connection:
-
The Redshift URL:
cirium-sky-prod-ctq.cwdfgggbtpne.us-east-1.redshift.amazonaws.com
-
Username: (Provided as part of your account set up)
-
Temporary password: (Provided as part of your account set up)
-
SSH Host Name:
ssh-alto.sky.cirium.com
-
SSH User name
-
SSH Private Key File
This Private Key file is part of a SSH Key Pair. Each pair has a private and public part. To authenticate you to Cirium Sky via SSH, Cirium needs to hold the public key part of the pair whereas the user will need to store the private part. To read more about how key pair authentication works see the Using Public Keys for Authentication blog by WinSCP.
How to generate SSH key pair
Open the terminal and run
ssh-keygen -t ed25519 -C "<database_username>" -f cirium_sky_key
Command arguments explanation:
-
-t
encryption type,ed25519
is recommended -
-C
Comment. Please enter your database username -
-f
Output filename
You will be prompted to provide a passphrase for the key being generated. This can be left blank or you can choose to add a passphrase, N.B. This passphrase will be required when connecting to Cirium Sky if it is set.
Enter passphrase (empty for no passphrase):
It is recommended that the user generate the key pair and send Cirium only the public key. However the Cirium Support Team can generate a unique public/private key pair and provide the private part to the user if required.
Connection Step-by-Step - Beekeeper SQL Client
The following example is given using Beekeeper, which supports SSH tunnelling within its UI.
1. Download the latest Amazon Redshift CA Certificate Bundle from https://s3.amazonaws.com/redshift-downloads/redshift-ca-bundle.crt. This file is used to let your SQL client verify that it is communicating with a genuine Redshift instance.
2. Open Beekeeper Studio. You will be asked which database type you are connecting to - choose Amazon Redshift from the list:
5. Click Test to test your connection, and you should see a notification appear that the connection was successful. If an error is shown instead, check that all the details specified above are completed correctly, and that your IP address has been granted access to Cirium Sky.
Manual Creation of an SSH Tunnel
If your SQL client of choice does not support SSH or you are using Sky in a machine to machine capacity, you can manually create an SSH tunnel within your infrastructure to forward traffic to Sky.
For example, if you had a Linux server within your infrastructure you could run thefollowing terminal command for forwarding local traffic on port 9999 to Cirium Sky:
ssh -l <your_username> -i "<your-secret-private-key>" \
-L 9999:cirium-sky-prod-ctq.cwdfgggbtpne.us-east-1.redshift.amazonaws.com:5439 \
ssh-alto.sky.cirium.com
You could then connect to Cirium Sky using the host and port <linux_server_hostname>:9999
.
To connect Cirium Sky from a machine other than your Linux server you will need to ensure that port 9999 on the Linux server is open for remote access.
If your environment uses containerisation you can also run an SSH tunnel in a container (example).
Cirium does not endorse or guarantee support on the example docker container linked above. It is provided for illustrative purposes only.
If you have any feedback or ideas about Cirium Sky Warehouse then we would love to hear from you via the Cirium Help Desk.
Comments
0 comments
Article is closed for comments.