Configure an SSH tunnel


1. Tutorial overview

Last Updated: 2024-02-22

Background

For security reasons, many data sources are not publicly accessible. In such cases, Starburst Galaxy connects to these data sources using one of the following secure methods.

SSH tunnel and bastion host

The first method involves configuring an SSH tunnel using a bastion host.

A bastion host is a Linux server or Virtual Machine (VM) with both public and private IP addresses. It is typically configured to allow only SSH tunneling and no other applications. Access to the bastion host is usually restricted to port 22, which is the SSH port.

This is the method outlined in this tutorial.

PrivateLink

The second method uses PrivateLink to create a secure connection. Starburst offers several tutorials to guide you step-by-step through this process.

Scope of tutorial

In this tutorial, you will learn how to configure an SSH tunnel for use with Starburst Galaxy. You will work in both the Starburst Galaxy UI and a terminal window.

Learning objectives

Once you've completed this tutorial, you will be able to:

  • Configure an SSH tunnel.
  • Use an SSH tunnel to securely connect Starburst Galaxy to your data source.

Prerequisites

  • You need a Starburst Galaxy account to complete this tutorial. Please see Starburst Galaxy: Getting started for instructions on setting up a free account.
  • This tutorial assumes that you have already created a bastion host that uses SSH. It will show you how to configure Starburst Galaxy to use the bastion host, but will not show you how to create the bastion host itself.

About Starburst tutorials

Starburst tutorials are designed to get you up and running quickly by providing bite-sized, hands-on educational resources. Each tutorial explores a single feature or topic through a series of guided, step-by-step instructions.

As you navigate through the tutorial you should follow along using your own Starburst Galaxy account. This will help consolidate the learning process by mixing theory and practice.

2. Set admin role

Background

Starburst Galaxy separates users by role. Configuring an SSH tunnel will require access to a role with appropriate privileges. Today, you'll be using the accountadmin role.

This is a quick step, but an important one.

Step 1: Set your role

Your current role is listed in the top right-hand corner of the screen.

  • Check your role, to ensure that it is set to accountadmin.
  • If it is set to anything else, use the drop-down menu to select the correct role.

3. Configure an SSH tunnel in Starburst Galaxy

Background

Now it's time to begin configuring an SSH tunnel that uses your bastion host.

Your bastion host will act as a gateway between your private, internal network and the public, external internet. It allows secure access to these internal resources by acting as a single entry point, enforcing strict access controls, and monitoring and logging access attempts.

Step 1: Create a new SSH tunnel

Start by creating a new SSH tunnel in Starburst Galaxy. This will be used by your bastion host to communicate with your private Starburst Galaxy cluster.

  • Using the left-hand navigation menu, expand the Cloud settings menu.
  • Select your cloud provider.
  • Click the Configure SSH Tunnel button.

Step 2: Generate an RSA key

Now it's time to generate an RSA key. Later, you will add this key to the authorized_keys file on your bastion host. This will enable the secure connection.

  • Generate an RSA key by clicking the button.
  • Confirm that an RSA key has been generated.
  • Move to the next step. Do not copy the key yet.

Step 3: SSH into your bastion host

Now it's time to access your bastion host using SSH. This can be achieved in a number of different ways.

  • Open a terminal window.
  • Use your chosen connection method to SSH into your bastion host.

    For example, ssh bastion.
  • Using the VI text editor, open the ~/.ssh/authorized_keys file with the following command.
    vi ~/.ssh/authorized_keys

Step 4: Add the RSA key to the authorized_keys file

Now it's time to take the RSA key generated in Starburst Galaxy and add it to the authorized_keys file in your ~/.ssh folder.

  • In Starburst Galaxy, copy the RSA key.
  • Return to the terminal window.
  • Inside the authorized_keys file, move your cursor to the end of the file.
  • Enter append mode by typing a.
  • Move your cursor to a new line using the return key.
  • Paste the RSA key that you just copied from Starburst Galaxy into the authorized_keys file.
  • Press the esc key to exit insert mode.
  • Type :wq, and press return to save and quit the file.
  • Inspect the authorized_keys file to ensure that the key was copied into the file correctly using the following command:
    cat ~/.ssh/authorized_keys
  • Type exit and press enter to exit your ssh connection to the bastion host.
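Steps 3 and 4 can also be done without an editor. The function below is an added example, not Starburst code: it checks that the pasted text is one intact ssh-rsa public key line, appends it without gluing it onto an existing key, skips the append if the key is already present, and keeps the file permissions sshd expects. The name add_tunnel_key, its arguments, and the sample key in the usage comment are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not Starburst code). add_tunnel_key is a hypothetical helper.
# Usage on the bastion host (constructed sample key, not a real one):
#   add_tunnel_key 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...SAMPLE galaxy-tunnel'
# Returns 0 if the key is present afterwards, 2 if the pasted text is rejected,
# 1 if the file could not be prepared.
add_tunnel_key() {
    key_line=$1
    auth_file=${2:-"$HOME/.ssh/authorized_keys"}

    # A key that wrapped across lines while being copied is not usable.
    [ -n "$key_line" ] || return 2
    [ "$(printf '%s\n' "$key_line" | wc -l)" -eq 1 ] || return 2

    # Split "type blob [comment]" and check the first two fields.
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}
    [ "$key_type" = "ssh-rsa" ] || return 2
    # Every ssh-rsa blob begins with the base64 of the length-prefixed
    # string "ssh-rsa"; anything else is a truncated or wrong paste.
    case $key_blob in
        AAAAB3NzaC1yc2E*) ;;
        *) return 2 ;;
    esac
    case $key_blob in
        *[!A-Za-z0-9+/=]*) return 2 ;;
    esac

    # sshd (StrictModes) ignores key files that other users can write to.
    ssh_dir=$(dirname "$auth_file")
    [ -d "$ssh_dir" ] || mkdir -m 700 -p "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: do nothing if this exact key is already authorized.
    grep -qF -- "$key_blob" "$auth_file" && return 0

    # If the last line has no trailing newline, add one first so the new
    # key does not end up on the same line as the previous key.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```
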

Step 5: Complete the SSH tunnel configuration

You're ready to complete the SSH tunnel configuration in Starburst Galaxy. To do this, you'll enter the user and IP address of your bastion host.

  • Return to your Starburst Galaxy tab.
  • In the SSH tunnel alias field, enter a meaningful name for the alias.
  • In the SSH host field, enter the IP address of your bastion host.
  • In the SSH user field, enter the user you use when you SSH into your bastion host (for example, ubuntu).
  • Click the Validate and save button.
  • Click the Close button.

4. Tutorial wrap-up

Tutorial complete

Congratulations! You have reached the end of this tutorial, and the end of this stage of your journey.

You're all set! Now you can use your SSH tunnel to configure access to various catalogs in your Starburst Galaxy account.

Continuous learning

At Starburst, we believe in continuous learning. This tutorial provides the foundation for further training available on this platform, and you can return to it as many times as you like. Future tutorials will make use of the concepts used here.

Next steps

Starburst has lots of other tutorials to help you get up and running quickly. Each one breaks down an individual problem and guides you to a solution using a step-by-step approach to learning.

Tutorials available

Visit the Tutorials section to view the full list of tutorials and keep moving forward on your journey!