QuraMate Logo QuraMate Docs
Getting started

Guide

SSH Tunneling

Introduce SSH access carefully, verify host keys, and only trust tunnels after explicit validation.

Updated 2026-03-15 · 6 min read

Jump to another doc

Validate Tunnel Inputs First

When sshEnabled is on, verify these fields before testing:

  • sshHost, sshPort
  • sshUser
  • one auth path (sshPassword or sshKeyFile)

Use read-only DB credentials while validating tunnel behavior.

Connection screen with SSH path
Enable SSH tunnel only after base connection values are correct.

Trust Host Keys Explicitly

QuraMate SSH flow verifies host keys and checks known hosts entries. If host key is untrusted or changed, treat it as a security checkpoint, not a retry loop.

Expected trust flow:

  1. fetch host key info (host, port, key type, fingerprint)
  2. compare against expected/pinned fingerprint
  3. trust only after explicit operator decision

If key mismatch appears, stop and verify rotation reason before continuing.

Keep Credentials Disciplined

Use dedicated SSH credentials per environment. Avoid sharing a single jump-host user across unrelated teams or risk levels.

After a successful tunnel test, move to Connections and then Session Recovery to verify restart behavior.

Related Docs

More in Connections & Workspace / Security

Connections

Work with multiple databases using the same connection model QuraMate expects in DBConfig.

Connections · 6 min

Session Recovery

Recover dashboard tabs intentionally, with clear safeguards for what should and should not reopen.

Workspace · 6 min