To connect your MongoDB database to MBI via an SSH tunnel, you (or your team, if you are not a techie) will need to do a few things:
Due to the technical nature of this setup, we suggest you loop in a developer to help out if you have not done this before.
The public key
is used to authorize the MBI Linux
user. In the next section, we create the user and import the key.
Encrypted
toggle to Yes
. This will display the SSH setup form.public key
is located underneath this form.Leave this page open throughout the tutorial - you will need it in the next section and at the end.
If you are a bit lost, Here is how to navigate through MBI to retrieve the key:
For the connection to be successful, your must configure your firewall to allow access from our IP addresses. They are 54.88.76.97
and 34.250.211.151
, but it is also on the MongoDB credentials page:
Linux
user for MBIIf the sshd_config
file associated with the server is not set to the default option, only certain users will have server access - this will prevent a successful connection to MBI. In these cases, it is necessary to run a command like AllowUsers
to allow the rjmetric
user access to the server.
This can be a production or secondary machine, as long as it contains real-time (or frequently updated) data. You may restrict this user any way you like as long as it retains the right to connect to the MongoDB server.
To add the new user, run the following commands as root on your Linux
server:
adduser rjmetric -p
mkdir /home/rjmetric
mkdir /home/rjmetric/.ssh
Remember the public key
we retrieved in the first section? To ensure the user has access to the database, we need to import the key into authorized_keys
. Copy the entire key into the authorized_keys
file as follows:
touch /home/rjmetric/.ssh/authorized_keys
"< PASTE KEY HERE >" >> /home/rjmetric/.ssh/authorized_keys
To finish creating the user, alter the permissions on the /home/rjmetric directory to allow access via SSH:
chown -R rjmetric:rjmetric /home/rjmetric
chmod -R 700 /home/rjmetric/.ssh
MongoDB servers have two run modes - one with the “auth” option (mongod -- auth)
and one without, which is the default. The steps for creating a MongoDB user will vary a bit depending on what mode your server is using, so be sure to verify the mode before continuing.
Auth
Option:When connecting to multiple databases, you can add the user by logging into MongoDB as an admin user and running the following commands.
To see all available databases, the MBI user requires the permissions to run listDatabases.
This command will grant the MBI user access to all databases
:
use admin
db.createUser('rjmetric', '< secure password here >', true)
Use this command to grant the MBI user access to a single database
:
use < database name >
db.createUser('rjmetric', '< secure password here >', true)
This will print a response that looks like this:
{
"id": ObjectId("< some object id here >"),
"user": "rjmetric",
"readOnly": true,
"pwd": "< some hash here >"
}
If your server does not use auth
mode, your MongoDB server will still be accessible even without a username and password. However, you should ensure the mongodb.conf
file (/etc/mongodb.conf)
has the following lines - if not, restart your server after you add them.
bind_ip = 127.0.0.1
noauth = true
To bind your MongoDB server to a different address, adjust the database hostname in the next step accordingly.
To wrap things up, we need to enter the connection and user info into MBI. Did you leave the MongoDB credentials page open? If not, go to Data > Connections and click Add New Data Source, then the MongoDB icon. do not forget to change the Encrypted
toggle to Yes
.
Enter the following info into this page, starting with the Database Connection
section:
Host
: 127.0.0.1
Username
: The MBI MongoDB username (should be rjmetric
)Password
: The MBI MongoDB passwordPort
: MongoDB’s port on your server (27017
by default)Database Name
(Optional): If you only allowed access to one database, specify the name of that database here.Under the SSH Connection
section:
Remote Address
: The IP address or hostname of the server we will SSH intoUsername
: The MBI Linux (SSH) username (should be rjmetric)SSH Port
: The SSH port on your server (22 by default)That is it! When you are finished, click Save Test to complete the setup.