Enable SSH access to Postgres database

Hi there, I implemented this feature recently and am happy to help figure it out. Could you start by including the error text that appears in red under the save button when you click save?

Also make sure the host field has the actual DB host, rather than the SSH server, and the ssh-tunnel-host field has the hostname of the SSH server. If possible it would be great to get a redacted screenshot of the settings you are using (avoiding any private information, of course).

For #1, I haven’t added the UI parts yet for entering SSH private keys into Metabase because I’m waiting to hear from people who use this feature what they would like that to look like. Should they be on the host (or linked into the Docker container with “volumes”) or stored in the MB DB? It’s important to think the security implications through carefully.

For #2, Metabase uses the JSch Java implementation of the SSH protocol because it’s cross-platform and easier to work with from Clojure. There are some differences from PuTTY and OpenSSH, though it’s been years since I have seen this break it for anyone. I need to change the code to get more detailed authentication logging out of JSch.

When you are connecting through Beanstalk there is the extra layer of Docker between Metabase and the DB, so we should first test these scenarios:

  • SSH to the EC2 instance and open the SSH tunnel manually:

    ssh -L5432:localhost:5432 me@my-db-host.example.com

    and while that tunnel is sitting open, try using Metabase to connect to the DB using the IP address of the EC2 instance (not the word localhost) as the DB host and the username/password for the DB. Leave SSH tunneling turned off for this step.

  • Start a shell in the Metabase Docker container and from that shell attempt to connect to the SSH host on port 22 using the nc command. We are just checking to see if the connection can open and don’t need to actually authenticate:

    nc -v ssh-host 22

    and see if it says it was connected successfully. If not, it could be a problem of name resolution inside the container.
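As an added example (not part of the original post and not Metabase’s own code), here is a small Python script that automates the two checks above from inside the container: it verifies that the host and ssh-tunnel-host fields are not the same machine, and then does what `nc -v ssh-host 22` does while telling apart the failure modes that look identical in a red error banner: the name did not resolve inside the container, the SSH server was reached but refused the port, or the packets went nowhere (timeout or unreachable). The settings dictionary and the hostnames in it are constructed placeholders.

```python
import errno
import socket

# Constructed example settings mirroring the Metabase form fields discussed
# above. The values are placeholders, not a real deployment.
EXAMPLE_SETTINGS = {
    "host": "db.internal.example",          # the database host, as seen from the SSH server
    "port": 5432,
    "ssh-tunnel-host": "bastion.example.com",  # the SSH server itself
    "ssh-tunnel-port": 22,
}


def check_fields(settings):
    """Return a list of problems with the host / ssh-tunnel-host fields.

    The most common mistake described in the thread is putting the SSH server
    into the host field; the DB host and the tunnel host must be different.
    """
    problems = []
    host = (settings.get("host") or "").strip()
    tunnel_host = (settings.get("ssh-tunnel-host") or "").strip()
    if not host:
        problems.append("host is empty; it must be the database host")
    if not tunnel_host:
        problems.append("ssh-tunnel-host is empty; it must be the SSH server")
    if host and host == tunnel_host:
        problems.append("host and ssh-tunnel-host are identical; host must be the DB, "
                        "ssh-tunnel-host the SSH server")
    return problems


def diagnose_tcp(host, port, timeout=3.0):
    """Classify a TCP connect attempt to host:port the way `nc -v` would report it.

    Returns one of: 'ok', 'resolve_failed', 'refused', 'timeout', 'unreachable',
    or 'error:<errno>' for anything else.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        # Name resolution failed inside this environment (e.g. the container);
        # this is the case the post suspects when nc never connects.
        return "resolve_failed"

    result = "error:unknown"
    for family, socktype, proto, _canon, addr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            return "ok"  # something accepted the connection; authentication not attempted
        except ConnectionRefusedError:
            result = "refused"  # host reachable, nothing listening on that port
        except socket.timeout:
            result = "timeout"  # packets dropped: firewall / security group / routing
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                result = "unreachable"
            else:
                result = f"error:{exc.errno}"
        finally:
            sock.close()
    return result


def self_check():
    """Exercise diagnose_tcp against a local listener and a closed local port.

    Returns {'listening': ..., 'closed': ...}; used to confirm the classifier
    behaves as documented without needing any external host.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        listening = diagnose_tcp("127.0.0.1", port, timeout=2.0)
    finally:
        listener.close()
    # After the listener is closed the same port should now be refused.
    closed = diagnose_tcp("127.0.0.1", port, timeout=2.0)
    return {"listening": listening, "closed": closed}


if __name__ == "__main__":
    for problem in check_fields(EXAMPLE_SETTINGS):
        print("config:", problem)
    # Same check as `nc -v ssh-host 22`, but with the failure reason spelled out.
    print("ssh-tunnel-host:", diagnose_tcp(EXAMPLE_SETTINGS["ssh-tunnel-host"],
                                            EXAMPLE_SETTINGS["ssh-tunnel-port"]))
```

Run it from a shell inside the Metabase container; a result of `resolve_failed` for the tunnel host points at container DNS, `refused` or `timeout` points at the network path or security group, and `ok` means the remaining problem is in the SSH authentication step rather than connectivity.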