search cancel

[DEPRECATED] Managing PostgreSQL Databases with Luminate, SecureCRT and pgAdmin 4

book

Article ID: 174938

calendar_today

Updated On:

Products

Secure Access Cloud

Issue/Introduction

[DEPRECATED] Managing PostgreSQL Databases with Luminate, SecureCRT and pgAdmin 4

Resolution

 

This article provides step-by-step instructions for connecting to PostgreSQL servers deployed in a data center without providing a direct network connectivity form the DBA's PC to the database servers. We will use the Luminate Software Defined Perimeter approach to provide ephemeral access based on the user identity.

The article assumes the following topology:

securecrt_access_to_postgres.PNG

Step 1 - Connect to Luminate Portal and open the relevant SSH Application

Please log in to your Luminate Portal (https://<my_company_tenant>.luminatesec.com).

You will see a list of applications similar to the below:

user-portal-screenshot-for-marketplace.PNG

Please click on the icon representing the SSH Bastion (MyBastion in our diagram) you will be using for accessing your PostgreSQL Servers. If you don't see it in the list, please approach your Luminate administrator to provide you with access permissions to such a server.

SSH_server_connect_pane.png

In the above window (that will open as a side pane in the Luminate Portal) please choose if you want to authenticate with RSA Key (and then download the private key) or Temporary Access Token, and copy the User name for SSH Client, as well as Host name for SSH Client.

Step 2 - Configure SSH Tunnel with SecureCRT

Open your SecureCRT client, and in Sessions Manager window choose to create a new session:

SecureCRT_New_Session.png

In the session properties, fill in the Host Name and the User Name in the appropriate fields:

SecureCRT_SSH_Properties_Connection.png

Define the Port Forwarding Settings:

SecureCRT_Port_Forwarding.png

In the above screenshot, please note the following details:

  • Local Port (needs to be any number that is not "occupied" on the DBA's machine) - we will use this port number in the pgAdmin. 
  download.png Please note, that if you will require managing multiple servers simultaneously, it is better to use different high ports for each server.

 

  • Remote Hostname and Port (assuming the default Postgres port in this case, can be changed upon need) - this is the address that needs to be accessible from the SSH Server/Bastion inside the data center

After defining the properties, you may tick the "Do not request a shell" check box.

Please connect to the created session, providing Access Token when SecureCRT prompts for it.

Step 3 - Configure Connection with pgAdmin

In pgAdmin, define a new server instructing it to connect to a local port chosen in SecureCRT.

pgAdmin4_Connect_to_Local_Port.png

You may close the SecureCRT session when you finish your pgAdmin session.

download.png Please do not forget to create a SecureCRT session every time you want to connect with pgAdmin prior to attempting the pgAdmin connection.
download.png

This article refers to pgAdmin4 versions earlier than 3.1

Starting with pgAdmin4 3.1 release, pgAdmin supports SSH Tunneled connections in a native manner. Please refer to this article for an up-to-date procedure.

Attachments