Ssh connect to atlas using compass


I have a *.pem file for my user on mongo atlas.
I’m using it from shell and from my nodejs application with the suggested connection string from mongo atlas
however the connection string offered to me to connect via compass does not support tls and uses only user password authentication.
i’m trying to use the connection string from connect your application but am unable to figure out the correct configurations in compass under Fill in connection fields individually in order to connect.

thanks for any help with this issue

Hi Eran,

SSH is only appropriate in the self-managed paradigm in which you have the ability to actually access the backend of the operating system on which your mongodb environment runa. In MongoDB Atlas, you’re dealing with a fully managed paradigm and you connect directly to the database rather than dealing at the level of SSH. Atlas requires TLS network encryption over the wire but you will need to ensure that you open up the Atlas side IP access list firewall rules from public IP, or leverage peering or private endpoints


Hi Andrew,

this is how i successfully connect over ssl using a pem file i generated on atlas
mongo --tls --tlsCertificateKeyFile PATH_TO_PEM_FILE mongodb+srv://DOMAIN/MAINDB? authSource=%24external&authMechanism=MONGODB-X509&retryWrites=true&w=majority

how do i do the same using mongo compass ?

Hi Eran_Otzap,

I think I can help you here - Compass also uses TLS so I think the challenge here is connecting w/ X509.

In Compass, when you are asked for your connection string click the link to the right “Fill in connection fields individually”. For “Hostname” use the DOMAIN part from your example above. Then click the “SRV Record” slider to turn on. Click the drop down for “Authentication” and select X509. Then click the “More Options” tab. There for SSL you’ll need to select “Server and Client Validation”. You’ll need to click the “Select a file” for both the “Client Certificate” and “Client Private Key” and use your PEM file from above. Then for Certificate Authority you’ll need to download the active PEM from here: Chain of Trust - Let's Encrypt (under Root Certificate → Active ->PEM).

Hope this helps!


1 Like

Hi Mellissa,

works great thanks :slight_smile:


1 Like

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.