SSH tunnelling is only available under the Linux builds of Rekall, and is currently supported for MySQL and PostgreSQL
SSH tunneling, in general, is a mechanism for making TCP/IP connections possible via an (secure and encrypted) SSH connection. Please refer to the ssh and sshd documentation for details. However, the basic mechanism is that, given that you can establish an SSH login to a remote machine, the local instance of ssh listens on a specified port number; any connection made to this port is routed via the SSH connection to the remote machine, whence a further connection is made to a specified port on a specified machine. Data is then passed between the local port and the latter port/machine. This allows, for instance, connections though firewalls where you have an SSH login to a machine inside the firewall, but do not have access through the firewall to some server.
To use SSH tunneling with Rekall, the SSH Tunneling setting in the advanced properties dialog for a server database should be set to a string like name@address:port. Here, address is the name or address of the machine to which you have SSH access, name is your login name on that machine, and port is a port number on the local machine (ie., the one running Rekall). Note that, since Rekall cannot prompt for an SSH password, you must be able to establish the SSH login without requiring a password (ie., by storing your public key for the local machine in the appropriate location on the server, again see the SSH documentation).
When Rekall opens a database connection, if first executes the ssh command, passing name@address as the address and user name for the connection. It specifies the port from the name@address:port string as the local port on which ssh should listen, and the host and port settings (from the database settings; here port defaults to the standard port for the server database) as the destination to which the remote machine should connect to the server database. The server database connection is then made via the local port.
Suppose that the SSH tunneling setting is mike@quaking.demon.co.uk:3001, and that the host and port settings are www.microsoft.com and 5432 respectively. Then, the ssh command will connect to mike@quaking.demon.co.uk, and will listen on port 3001. The server database connection is then made to port 3001 on the local machine; the server end of the SSH connection, on quaking.demon.co.uk will then connect to port 5432 on www.microsoft.com ( Specifically, the ssh command will be ssh -C -N -L 3001:www.microsoft.com:5432 mike@thekomnpany.com. The -C connection means that data is compressed, and -N that no shell is actually run on quaking.demon.co.uk. ) (and will most likely fail, this 5432 is the default PostgreSQL port, and we can assume that PostgreSQL will not be running there:)
Please note the SSH command (or the sshd server process on the remote machine) may close the connection if there is no traffic for some period of time. You should consult your ssh and sshd documentation for timeout-related settings.