SSH Tunnels for Privileged Access

Creating SSH Tunnels for Secure Access.

A common scenario we hear from our users is that they want to provide access to an internal resource (for example, a production database) without having to open access to it externally. In addition, allowing their Admins and Developers to continue to use their native client tools is usually a must-have requirement. So how can you satisfy such a requirement while maintaining security?

The answer is simple: use XTAM’s privileged access management while employing SSH tunnels. The user connects to the jump server over a secure, password-less SSH session, and the traffic from their client is then tunneled to the desired endpoint.

Other common scenarios where SSH Tunnels are used:

  • Ports cannot or should not be opened
  • The service or system should only be accessible internally
  • Firewall configurations
  • Security architecture requires it
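In each of these scenarios the jump server is what keeps the internal service unreachable from outside, so its own forwarding policy decides how far a tunnel can reach. The following is an added example, not XTAM code or configuration: it audits the `sshd_config` of a jump server, assumed here to run OpenSSH, for forwarding that is wider than one internal endpoint. The group name, host name and port 1521 in the samples are constructed assumptions.

```python
import re

# OpenSSH defaults when a keyword is absent from sshd_config.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no", "permitopen": "any"}

# Constructed samples; the group name, host name and port 1521 are assumptions.
WEAK = "AllowTcpForwarding yes\nGatewayPorts yes\n"
SCOPED = """\
# jump server: tunnels for one group only, to the database listener only
AllowTcpForwarding no
Match Group dbtunnel
    AllowTcpForwarding local
    PermitOpen oracle-db.internal.example:1521
"""

def parse_blocks(text):
    """Split sshd_config text into the global section and each Match block."""
    blocks = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            blocks.append(("Match " + value, {}))
        else:
            # sshd uses the first value it obtains for a keyword.
            blocks[-1][1].setdefault(key, value.lower())
    return blocks

def audit(text):
    """Return findings where forwarding reaches further than one internal endpoint."""
    blocks = parse_blocks(text)
    global_cfg = blocks[0][1]
    findings = []
    for name, cfg in blocks:
        # Simplification: a Match block overrides global; overlapping Match blocks are not merged.
        eff = {k: cfg.get(k, global_cfg.get(k, d)) for k, d in DEFAULTS.items()}
        fwd = eff["allowtcpforwarding"]
        if fwd in ("yes", "all", "local") and eff["permitopen"] == "any":
            findings.append(f"{name}: local forwarding may target any host:port; set PermitOpen")
        if fwd in ("yes", "all", "remote"):
            findings.append(f"{name}: remote forwarding enabled; a client-to-database tunnel needs only local")
            if eff["gatewayports"] != "no":
                findings.append(f"{name}: GatewayPorts lets remote forwards bind non-loopback addresses")
    return findings

if __name__ == "__main__":
    for label, cfg in (("WEAK", WEAK), ("SCOPED", SCOPED)):
        print(label, audit(cfg) or "no findings")
```

An empty configuration still produces findings, because OpenSSH allows TCP forwarding to any destination unless it is told otherwise.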

To enable the capturing of SQL statements to the XTAM Session Event report, please read our Capturing SQL Traffic article.

In the following example, we will demonstrate how XTAM is configured to use a Unix jump server in order to provide an SSH tunnel from an external SQL Developer client to an internal Oracle database.

To make use of SSH tunneling, you first must enable the SSH Proxy feature in XTAM. If you have not enabled this feature yet, please first read our SSH Proxy article and then return here when complete.

To learn how you can use a Public/Private key pair to authenticate SSH proxy sessions, please read our SSH Session Public Key Authentication article.

The following sections describe how to create secure SSH records in XTAM and then how to use these records in your native desktop clients.