[DEPRECATED] Managing PostgreSQL Databases with Luminate, SecureCRT and pgAdmin 4
This article provides step-by-step instructions for connecting to PostgreSQL servers deployed in a data center without providing a direct network connectivity form the DBA's PC to the database servers. We will use the Luminate Software Defined Perimeter approach to provide ephemeral access based on the user identity.
The article assumes the following topology:
Step 1 - Connect to Luminate Portal and open the relevant SSH Application
Please log in to your Luminate Portal (https://<my_company_tenant>.luminatesec.com).
You will see a list of applications similar to the below:
Please click on the icon representing the SSH Bastion (MyBastion in our diagram) you will be using for accessing your PostgreSQL Servers. If you don't see it in the list, please approach your Luminate administrator to provide you with access permissions to such a server.
In the above window (that will open as a side pane in the Luminate Portal) please choose if you want to authenticate with RSA Key (and then download the private key) or Temporary Access Token, and copy the User name for SSH Client, as well as Host name for SSH Client.
Step 2 - Configure SSH Tunnel with SecureCRT
Open your SecureCRT client, and in Sessions Manager window choose to create a new session:
In the session properties, fill in the Host Name and the User Name in the appropriate fields:
Define the Port Forwarding Settings:
In the above screenshot, please note the following details:
|Please note, that if you will require managing multiple servers simultaneously, it is better to use different high ports for each server.|
After defining the properties, you may tick the "Do not request a shell" check box.
Please connect to the created session, providing Access Token when SecureCRT prompts for it.
Step 3 - Configure Connection with pgAdmin
In pgAdmin, define a new server instructing it to connect to a local port chosen in SecureCRT.
You may close the SecureCRT session when you finish your pgAdmin session.
|Please do not forget to create a SecureCRT session every time you want to connect with pgAdmin prior to attempting the pgAdmin connection.|
This article refers to pgAdmin4 versions earlier than 3.1
Starting with pgAdmin4 3.1 release, pgAdmin supports SSH Tunneled connections in a native manner. Please refer to this article for an up-to-date procedure.