Remote Access Procedure for Specify Cloud

:book: This guide describes how to remotely access a Specify Cloud database to perform direct database backups, restores, execute SQL scripts, and connect using the Specify 6 client if necessary.

:gear: Intended for technical or IT users only.


1. Generate an SSH Key Pair

Each client machine needs an SSH key pair.

Linux & macOS

  1. Check for an existing key:
    ls ~/.ssh/id_rsa.pub
    
  2. If missing, generate a new key:
    ssh-keygen -t rsa -b 4096
    
  3. Your public key will be in ~/.ssh/id_rsa.pub.

Windows (PuTTY)

  1. Download puttygen.exe (and putty.exe) from the PuTTY site.
  2. Run puttygen.exeGenerate, move your mouse to build entropy.
  3. Click Save public key and Save private key (.ppk).
  4. Email your public key file to support@specifysoftware.org with subject
    “SSH Key for Database Access” and include:
    • Your Specify database name (e.g., my_institution_db)
    • A request for a matching SSH/DB user
    • Desired backup frequency (daily, weekly, etc.)

2. Provisioning Your SSH & Database User

Once we receive your public key, we will:

  • Create a restricted SSH user (key‐only login, no password).
  • Create a MySQL user matching your database name.
  • Grant permissions only on your database.
  • Ensure you can run backups at your chosen frequency.

You will receive:

  • SSH username and host
  • Database username and password
  • MySQL host endpoint

3. SSH Tunnel Setup

Use the table below to find your region’s hosts:

3.1 Linux & macOS

ssh -N -L 3307:<MySQL Host>:3306 <SSH user>@<SSH Host>

Example (North America):

ssh -N -L 3307:specify-cloud-na-db-1.cqvncffkwz9t.us-east-1.rds.amazonaws.com:3306 \
    my_institution_db@na-specify7-1.specifycloud.org
  • -N: no remote command
  • -L: local port forwarding
  • Tunnel remains open until Ctrl+C.

3.2 Windows (PuTTY Shortcut)

  1. Create a shortcut to putty.exe.
  2. Right-click → Properties → in Target, append:
    -ssh -i C:\path\to\your_private_key.ppk <SSH user>@<SSH Host> \
    -L 3307:<MySQL Host>:3306 -N
    
  3. Double-click to open the tunnel; close the window to terminate.

4. Connect Your Tools

4.1 MySQL Client

Configure any MariaDB client to use:

We recommend using DBeaver or the command line.

  • Host: 127.0.0.1
  • Port: 3307
  • Database: <your_database_name>
  • Username: <your_database_name>
  • Password: (as provided by support)

4.2 Specify 6 Client

  1. In Specify 7 (web UI), click your user name → Generate Master Key. Enter your password and copy the key.
  2. In Specify 6 login dialog, click More Information and enter:
    • Username: (same as Specify 7)
    • Password: (same as Specify 7)
    • Database: (as provided)
    • Server: 127.0.0.1
    • Port: 3307
  3. Click Configure Master Key, then paste your key into Encrypted Username / Password.
  4. Click OK and log in.

5. Performing Backups

Run your preferred dump command locally through the tunnel:

mysqldump \
  -h 127.0.0.1 -P 3307 \
  -u my_institution_db -p \
  my_institution_db > backup_$(date +%Y-%m-%d).sql

Schedule via cron, Task Scheduler, or another scheduler as needed.


6. Closing the Tunnel

  • Linux/macOS: press Ctrl+C in the terminal.
  • Windows: close the PuTTY window.

You now have secure, restricted SSH access to your Specify Cloud database for backups, restores, SQL scripting, and Specify 6 connections.