doc/user/layouts/shortcodes/sql-server-direct/ingesting-data/use-ssh-tunnel.html
CREATE CONNECTION command to create an SSH tunnel connection: mzsql CREATE CONNECTION ssh\_connection TO SSH TUNNEL ( HOST '', PORT , USER '' ); - Replace and ` with the public IP address and port of the SSH bastion host you created [earlier](#b-optional-configure-network-security). - Replace with the username for the key pair you created for your SSH bastion host. 1. Get Materialize's public keys for the SSH tunnel connection: mzsql SELECT \* FROM mz\_ssh\_tunnel\_connections; 1. Log in to your SSH bastion host and add Materialize's public keys to the authorized\_keys file, for example: sh # Command for Linux echo "ssh-ed25519 AAAA...76RH materialize" \>\> ~/.ssh/authorized\_keys echo "ssh-ed25519 AAAA...hLYV materialize" \>\> ~/.ssh/authorized\_keys 1. Back in the SQL client connected to Materialize, validate the SSH tunnel connection you created using the VALIDATE CONNECTION command: mzsql VALIDATE CONNECTION ssh\_connection; If no validation error is returned, move to the next step. 1. Use the CREATE SECRET command to securely store the password for the materialize SQL Server user you created: mzsql CREATE SECRET sql\_server\_pass AS ''; For AWS IAM authentication, you must create a connection to AWS. See the CREATE CONNECTION command for details. 1. Use the CREATE CONNECTION command to create another connection object, this time with database access and authentication details for Materialize to use: mzsql CREATE CONNECTION sql\_server\_connection TO SQL SERVER ( HOST '', SSH TUNNEL ssh\_connection ); - Replace `` with your SQL Server endpoint.