diff --git a/airbyte-integrations/bases/base-java/src/main/resources/ssh-tunnel-spec.json b/airbyte-integrations/bases/base-java/src/main/resources/ssh-tunnel-spec.json
index 616dc1428ac0..4eefff75970c 100644
--- a/airbyte-integrations/bases/base-java/src/main/resources/ssh-tunnel-spec.json
+++ b/airbyte-integrations/bases/base-java/src/main/resources/ssh-tunnel-spec.json
@@ -60,21 +60,6 @@
           "airbyte_secret": true,
           "multiline": true,
           "order": 4
-        },
-        "remote_resource_host": {
-          "title": "Remote Database Host",
-          "description": "Hostname or static IP address of the database to port-forward, as recognized from the jump server.",
-          "type": "string",
-          "order": 5
-        },
-        "remote_resource_port": {
-          "title": "Remote Database Port",
-          "description": "Port on the database to port-forward, typically that database's usual default port.",
-          "type": "integer",
-          "minimum": 0,
-          "maximum": 65536,
-          "examples": ["5432"],
-          "order": 6
         }
       }
     },
@@ -122,21 +107,6 @@
           "type": "string",
           "airbyte_secret": true,
           "order": 4
-        },
-        "remote_resource_host": {
-          "title": "Remote Database Host",
-          "description": "Hostname or static IP address of the database to port-forward, as recognized from the jump server.",
-          "type": "string",
-          "order": 5
-        },
-        "remote_resource_port": {
-          "title": "Remote Database Port",
-          "description": "Port on the database to port-forward, typically that database's usual default port.",
-          "type": "integer",
-          "minimum": 0,
-          "maximum": 65536,
-          "examples": ["5432"],
-          "order": 6
         }
       }
     }
diff --git a/docs/integrations/sources/postgres.md b/docs/integrations/sources/postgres.md
index c944f15d745f..91cbbf5e2ef7 100644
--- a/docs/integrations/sources/postgres.md
+++ b/docs/integrations/sources/postgres.md
@@ -246,6 +246,22 @@ Unfortunately, logical replication is not configurable for Google CloudSQL. You
 
 If you encounter one of those not listed below, please consider [contributing to our docs](https://github.com/airbytehq/airbyte/tree/master/docs) and providing setup instructions.
 
+## Connection to Postgres via an SSH Tunnel
+
+Airbyte has the ability to connect to a Postgres instance via an SSH Tunnel. The reason you might want to do this because it is not possible (or against security policy) to connect to the database directly (e.g. it does not have a public IP address).
+
+When using an SSH tunnel, you are configuring Airbyte to connect to an intermediate server (a.k.a. a bastion sever) that _does_ have direct access to the database. Airbyte connects to the bastion and then asks the bastion to connect directly to the server.
+
+Using this feature requires additional configuration, when creating the source. We will talk through what each piece of configuration means.
+1. Configure all fields for the source as you normally would, except `SSH Tunnel Method`.
+2. `SSH Tunnel Method` defaults to `No Tunnel` (meaning a direct connection). If you want to use an SSH Tunnel choose `SSH Key Authentication` or `Password Authentication`.
+   1. Choose `Key Authentication` if you will be using an RSA Private as your secrets for establishing the SSH Tunnel (see below for more information on generating this key).
+   2. Choose `Password Authentication` if you will be using a password as your secret for establishing the SSH Tunnel.
+3. `SSH Tunnel Jump Server Host` refers to the intermediate (bastion) server that Airbyte will connect to. This should be a hostname or an IP Address.
+4. `SSH Connection Port` is the port on the bastion server with which to make the SSH connection. The default port for SSH connections is `22`, so unless you have explicitly changed something, go with the default.
+5. `SSH Login Username` is the username that Airbyte should use when connection to the bastion server. This is NOT the Postgres username.
+6. If you are using `Password Authentication`, then `SSH Login Username` should be set to the password of the User from the previous step. If you are using `SSH Key Authentication` leave this blank. Again, this is not the Postgres password, but the password for the OS-user that Airbyte is using to perform commands on the bastion.
+7. If you are using `SSH Key Authentication`, then `SSH Private Key` should be set to the RSA Private Key that you are using to create the SSH connection. This should be the full contents of the key file starting with `-----BEGIN RSA PRIVATE KEY-----` and ending with `-----END RSA PRIVATE KEY-----`.
 
 ## Changelog