Documentation
Getting StartedConnecting to a DatabaseProjectsQuery EditorResults & Data GridInline EditingCharts & VisualizationSchema DiagramsEXPLAIN PlansExport & ShareSSH TunnelingQuery HistorySecurity & CredentialsKeisen AIKeyboard ShortcutsTroubleshootingDatabase Guides
SSH Tunneling
Connect to remote databases through an SSH tunnel when the database is not directly accessible from your machine.
When to use SSH tunneling
Use an SSH tunnel when your database is behind a firewall or only accessible from a specific server (e.g. a bastion host or jump box).
Enabling the tunnel
In the project connection form, toggle SSH Tunnel to reveal the SSH configuration fields.
Configuration
| Field | Description |
|---|---|
| SSH Host | Hostname or IP of the SSH server |
| SSH Port | SSH port (default: 22) |
| SSH User | Username for SSH authentication |
| Password | SSH password (optional) |
| Private Key | Path to SSH private key file (optional) |
| Passphrase | Passphrase for the private key (optional) |
Use either password-based or key-based authentication. If both are provided, the private key takes precedence.
How it works
When you connect, Keisen:
- Establishes an SSH connection to the SSH host
- Opens a local TCP port on your machine
- Forwards traffic through the SSH tunnel to the remote database host and port
- Connects the database adapter to the local forwarded port
The tunnel stays open for the lifetime of the project connection and closes automatically when you disconnect.
SSH credentials
SSH passwords and private keys are encrypted with AES-256-GCM and stored locally, just like database credentials.