Reader TTS

For this tutorial: * We’ve set up a Linode Linux server * We’re using CentOS 7 as our Linux distribution (other Linux distributions will be similar) * We’ve installed VespaCP as our control

panel (1. because it makes handling firewall rules easy and 2. because it installs a MariaDB database for us) > Note: If you want to use a different CONTROL PANEL (or no control > 

panel at all) you can easily install MariaDB manually and use > iptables to configure your firewall. So, our goal is to securely connect Trevor.io to our MariaDB database, via SSH. STEPS:

* Create an SSH user for Trevor.io * Generate the public and private key pair * Test the connection * Whitelist Trevor.io’s IP addresses in our firewall 1. CREATE AN SSH USER FOR TREVOR.IO

We will create an SSH user called ‘trevz’ specifically for the purpose of connecting from Trevor.io. Let’s assume that our Linode server is hosted at IP 45.56.97.100. SSH into your server as

root (or a user with sudo access): ssh [email protected] Once signed in to your Linode server as root, create a user called trevz: useradd trevz && passwd trevz Now, from your local

machine, check that you can ssh in as that new user: ssh [email protected] > Note: more info on these steps are available here. All good so far? 2. GENERATE THE PUBLIC AND PRIVATE KEY

PAIR From your local machine, ssh in again as the new user: ssh [email protected] And create the .ssh directory (this is where your public key will be copied to): mkdir ~/.ssh && 

chmod 700 ~/.ssh/ Now back on your local machine (we assume you’re using OSX or Linux), generate the keypair using ssh-keygen : $ SSH-KEYGEN -M PEM -T RSAGenerating public/private rsa key 

pair.Enter file in which to save the key (~/.ssh/id_rsa): TREVZ.PEMEnter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in TREVZ.PEM.Your

 public key has been saved in TREVZ.PEM.PUB. You should now have two new files in your current directory: TREVZ.PEM and TREVZ.PEM.PUB. These are your private and public keys. Now use scp to

copy the public key to the authorized_keys file in your ‘trevz’ user’s .ssh folder: scp ./trevz.pem.pub [email protected]:~/.ssh/authorized_keys If this has worked successfully, you should

now be able to SSH to the Linode server, as ‘trevz’ using the private key INSTEAD of a password: ssh -i ./trevz.pem [email protected] 3. TEST THE CONNECTION Assuming you’re able to connect

from your terminal: ssh -i ./trevz.pem [email protected] You’re now ready to test the connection from Trevor.io. Set the following in Trevor.io: * Nickname: My linode MariaDB db *

Connection method: Standard (TCP/IP) over SSH * SSH Host: 45.56.97.100 * SSH Port: 22 * SSH User: trevz * SSH Key file: trevz.pem * My database is behind a firewall: yes (this is actually

only needed if you have firewall rules. See step 4 below). * Database host: localhost * Port: 3306 * User/Password/Database: <whatever you’ve set them as> (if you use VespaCP, they are

stored in /usr/local/vesta/conf/mysql.conf) * Version: mysql And click TEST CONNECTION. Hopefully it should connect successfully. > Note: If not, ping us a message from the Intercom at 

Trevor.io. 4. WHITELIST TREVOR.IO’S IP ADDRESSES IN OUR FIREWALL The final step is that you probably want to set your firewall rules to be more restrictive. i.e. you only want SSH access to

be available from specific IP addresses. Trevor.io will always connect from either 34.192.31.89 or 34.192.37.108. You can therefore whitelist the above two IPs for SSH access: The above

image shows how to set the firewall rules in VespaCP. > Note: make sure you tick the box “MY DATABASE IS BEHIND A > FIREWALL” in Trevor.io. All done! You should now be able to securely

connect to your Mariadb database using Trevor.io. Hope this was helpful. Any questions, ping us a message via the Intercom at Trevor.io.