This guide describes how to remotely access a Specify Cloud database to perform direct database backups, restores, execute SQL scripts, and connect using the Specify 6 client if necessary.
Intended for technical or IT users only.
1. Generate an SSH Key Pair
Each client machine needs an SSH key pair.
Linux & macOS
- Check for an existing key:
ls ~/.ssh/id_rsa.pub
- If missing, generate a new key:
ssh-keygen -t rsa -b 4096
- Your public key will be in
~/.ssh/id_rsa.pub
.
Windows (PuTTY)
- Download puttygen.exe (and putty.exe) from the PuTTY site.
- Run
puttygen.exe
→ Generate, move your mouse to build entropy. - Click Save public key and Save private key (
.ppk
). - Email your public key file to support@specifysoftware.org with subject
“SSH Key for Database Access” and include:- Your Specify database name (e.g.,
my_institution_db
) - A request for a matching SSH/DB user
- Desired backup frequency (daily, weekly, etc.)
- Your Specify database name (e.g.,
2. Provisioning Your SSH & Database User
Once we receive your public key, we will:
- Create a restricted SSH user (key‐only login, no password).
- Create a MySQL user matching your database name.
- Grant permissions only on your database.
- Ensure you can run backups at your chosen frequency.
You will receive:
- SSH username and host
- Database username and password
- MySQL host endpoint
3. SSH Tunnel Setup
Use the table below to find your region’s hosts:
3.1 Linux & macOS
ssh -N -L 3307:<MySQL Host>:3306 <SSH user>@<SSH Host>
Example (North America):
ssh -N -L 3307:specify-cloud-na-db-1.cqvncffkwz9t.us-east-1.rds.amazonaws.com:3306 \
my_institution_db@na-specify7-1.specifycloud.org
-N
: no remote command-L
: local port forwarding- Tunnel remains open until Ctrl+C.
3.2 Windows (PuTTY Shortcut)
- Create a shortcut to
putty.exe
. - Right-click → Properties → in Target, append:
-ssh -i C:\path\to\your_private_key.ppk <SSH user>@<SSH Host> \ -L 3307:<MySQL Host>:3306 -N
- Double-click to open the tunnel; close the window to terminate.
4. Connect Your Tools
4.1 MySQL Client
Configure any MariaDB client to use:
We recommend using DBeaver or the command line.
- Host:
127.0.0.1
- Port:
3307
- Database:
<your_database_name>
- Username:
<your_database_name>
- Password: (as provided by support)
4.2 Specify 6 Client
- In Specify 7 (web UI), click your user name → Generate Master Key. Enter your password and copy the key.
- In Specify 6 login dialog, click More Information and enter:
- Username: (same as Specify 7)
- Password: (same as Specify 7)
- Database: (as provided)
- Server:
127.0.0.1
- Port:
3307
- Click Configure Master Key, then paste your key into Encrypted Username / Password.
- Click OK and log in.
5. Performing Backups
Run your preferred dump command locally through the tunnel:
mysqldump \
-h 127.0.0.1 -P 3307 \
-u my_institution_db -p \
my_institution_db > backup_$(date +%Y-%m-%d).sql
Schedule via cron, Task Scheduler, or another scheduler as needed.
6. Closing the Tunnel
- Linux/macOS: press Ctrl+C in the terminal.
- Windows: close the PuTTY window.
You now have secure, restricted SSH access to your Specify Cloud database for backups, restores, SQL scripting, and Specify 6 connections.