SSH interface with PTY
Preface
ClickHouse server allows to connect to itself directly using the SSH protocol. Any client is allowed.
After creating a database user identified by an SSH key:
You are able to use this key to connect to a ClickHouse server. It will open a pseudoterminal (PTY) with an interactive session of clickhouse-client.
The command execution over SSH (the non-interactive mode) is also supported:
Server configuration
In order to enable the SSH server capability, you need to uncomment or place the following section in your config.xml:
The host key is an integral part of a SSH protocol. The public part of this key is stored in the ~/.ssh/known_hosts file on the client side and typically needed to prevent man-in-the-middle type of attacks. When connecting to the server for the first time you will see the message below:
This, in fact means: "Do you want to remember the public key of this host and continue connecting?".
You can tell your SSH client not to verify the host by passing an option:
Configuring embedded client
You are able to pass options to an embedded client similar to the ordinary clickhouse-client, but with a few limitations.
Since this is an SSH protocol, the only way to pass parameters to the target host is through environment variables.
For example setting the format can be done this way:
You are able to change any user-level setting this way and additionally pass most of the ordinary clickhouse-client options (except ones which don't make sense in this setup.)
Important:
In case if both query option and the SSH command is passed, the latter one is added to the list of queries to execute: