Skip to Main Content
Preset Feature Feedback
Status Shipped
Categories New feature
Created by Sunny Xu
Created on Feb 25, 2022

Connect to Preset via SSH

  1. What is the problem or goal the end user is trying to solve or accomplish?

    1. The customer is looking to securely connect between Preset and their database. The customer would like to use SSH instead of PrivateLink because their database is not hosted by AWS, or connecting via SSH requires no input from their IT team.

    2. Without the ability to connect their database, the customer is not able to use Preset

  2. How are they solving it currently?

    1. n/a

  3. What is the recommended solution by the Customer?

    1. Provide a self service SSH server to connect to.


  • Attach files
  • Kannan Goundan
    Reply
    |
    Mar 2, 2022

    The other reasons we want to use SSH:

    • Answering customer security questionnaires and writing up your SOC 2 system description is a bit easier if your database does not have a publicly-accessible IP address.

    • Even if we were on AWS, configuring the private network thing is more esoteric. Configuring a locked-down SSH-based proxy "bastion" is very common.

    Neither of these are dealbreakers, but since a few other analytics/BI tools provide SSH connectivity, this was enough to not include Preset.io in our list of tools to try.

    If you do add an SSH tunnel feature, it would be nice if I could specify the expected server fingerprint.

    Some related notes:

    • We considered running a TLS-based proxy instead of an SSH-based proxy, but that's not straightforward with Postgres: https://stackoverflow.com/a/65999802

    • If we ended up using TLS, we'd want to (1) provide a CA to verify the server and (2) provide a client certificate so the server can verify Preset. I couldn't tell if that was possible from your docs: https://docs.preset.io/docs/connect-data-to-preset

      • There's an "SSL" toggle, but it's not clear whether there's a place to set the CA or client certificate.

      • Would recommend using the term "SSL/TLS" in your docs. That way people will find the page when their search term uses the term "TLS", which is the current name for the protocol.

  • +16