# SSH Tunneling

You may opt to choose SSH Tunneling as well through a bastion host within your VPC to allow decube collectors access to your data source.

### SSH Bastion Host Setup

Setting up a SSH Bastion host differs based on the Cloud provider you are on. Here's some reference for the different providers:

* [AWS](https://aws.amazon.com/premiumsupport/knowledge-center/rds-connect-ec2-bastion-host/)
* [GCP](https://cloud.google.com/kubernetes-engine/docs/tutorials/private-cluster-bastion#create-bastion)
* [Azure](https://learn.microsoft.com/en-us/azure/bastion/bastion-overview)

### Getting your Public Key

When connecting to your data source for the first time, you can enable the "Enable SSH" toggle to get your organization-wide public key. Copy or download the file for later.

<figure><img src="/files/cBYYV2kkqmKsTlXfkaTl" alt=""><figcaption></figcaption></figure>

### Create A SSH User

We recommend creating a unique SSH User just for decube purposes. This lets you separate all configuration to only this unique user. To do so, access your own SSH host server as a privileged user or through sudo and run

```
sudo useradd -m [DECUBE_USERNAME] # choose any username (you'll need to pass this to us)
sudo passwd [DECUBE_USERNAME]     # you'll be prompted to input a password
                                  # this password is for your login only, do not share
                                  # with us
```

### Add Key to SSH Host

Access your own SSH host server as the previously created user and add the previously mentioned SSH Public Key to the `authorized_key` file. Usually this will be located at `/home/YOURUSER/.ssh/authorized_key`.

{% hint style="info" %}
You'd need to share with us the SSH username, SSH host and SSH port later
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.decube.io/security-and-connectivity/ssh-tunneling.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.