Last Updated: 2024-02-22


For security reasons, many data sources are not publicly accessible. In such cases, Starburst Galaxy connects to these data sources using one of the following secure methods.

SSH tunnel and bastion host

The first method involves configuring an SSH tunnel using a bastion host.

A bastion host is a Linux server or Virtual Machine (VM) with both public and private IP addresses. It is typically configured to allow only SSH tunneling and no other applications. on port 22 for access. Access to the bastion host is usually restricted to port 22, which is the SSH port.

This is the method outlined in this tutorial.


The second method uses PrivateLink to create a secure connection. Starburst offers several tutorials to guide you step-by-step through this process.

Scope of tutorial

In this tutorial, you will learn how to configure an SSH tunnel for use with Starburst Galaxy. You will work in both the Starburst Galaxy UI and a terminal window.

Learning objectives

Once you've completed this tutorial, you will be able to:


About Starburst tutorials

Starburst tutorials are designed to get you up and running quickly by providing bite-sized, hands-on educational resources. Each tutorial explores a single feature or topic through a series of guided, step-by-step instructions.

As you navigate through the tutorial you should follow along using your own Starburst Galaxy account. This will help consolidate the learning process by mixing theory and practice.


Starburst Galaxy separates users by role. Configuring an SSH tunnel will require access to a role with appropriate privileges. Today, you'll be using the accountadmin role.

This is a quick step, but an important one.

Step 1: Set your role

Your current role is listed in the top right-hand corner of the screen.


Now it's time to begin configuring an SSH tunnel that uses your bastion host.

Your bastion host will act as a gateway between your private, internal network and the public, external internet. It allows secure access to these internal resources by acting as a single entry point, enforcing strict access controls, and monitoring and logging access attempts.

Step 1: Create a new SSH tunnel

Start by creating a new SSH tunnel in Starburst Galaxy. This will be used by your bastion host to communicate with your private Starburst Galaxy cluster.

Step 2: Generate an RSA key

Now it's time to generate an RSA key. Later, you will add this key to your SSH tunnel's authorized_keys file. This will enable the secure connection..

Step 3: SSH into your bastion host

Now it's time to access your bastion host using SSH. This can be achieved in a number of different ways.

vi ~/.ssh/authorized_keys

Step 4: Add the RSA key to the authorized_keys file

Now it's time to take the RSA key generated in Starburst Galaxy and add it to the authorized_keys file in your /.ssh folder.

cat ~/.ssh/authorized_keys

Step 5: Complete the SSH tunnel configuration

You're ready to complete the SSH tunnel configuration in Starburst Galaxy. To do this, you'll enter the user and IP address of your bastion host.

Tutorial complete

Congratulations! You have reached the end of this tutorial, and the end of this stage of your journey.

You're all set! Now you can use your SSH tunnel to configure access to various catalogs in your Starburst Galaxy account.

Continuous learning

At Starburst, we believe in continuous learning. This tutorial provides the foundation for further training available on this platform, and you can return to it as many times as you like. Future tutorials will make use of the concepts used here.

Next steps

Starburst has lots of other tutorials to help you get up and running quickly. Each one breaks down an individual problem and guides you to a solution using a step-by-step approach to learning.

Tutorials available

Visit the Tutorials section to view the full list of tutorials and keep moving forward on your journey!

Start Free with
Starburst Galaxy

Up to $500 in usage credits included

  • Query your data lake fast with Starburst's best-in-class MPP SQL query engine
  • Get up and running in less than 5 minutes
  • Easily deploy clusters in AWS, Azure and Google Cloud
For more deployment options:
Download Starburst Enterprise

Please fill in all required fields and ensure you are using a valid email address.