Ping a Specific Port

Question

Joel Divekar

Asked: 2020-12-14 23:02:05 +0800 CST2020-12-14 23:02:05 +0800 CST 2020-12-14 23:02:05 +0800 CST

Bastion host user access

772

I am using my bastion host to connect to internal servers as follows

ssh -J user@BastionHost user@InternalServer

Is it required to create user on Bastion host to jump to internal servers ? Or can we just use this server to Jump to internal servers ?

1 Answers

Voted

Bob · Answer 1 · 2020-12-14T23:36:54+08:00

Bob

2020-12-14T23:36:54+08:002020-12-14T23:36:54+08:00

The purpose of the bastion host is, among others, to allow only authenticated users to access to your internal servers.

How your bastion does that authentication is something you can decide on.

Creating a user account there for each user that is allowed remote ssh access is an easy way to set up such authentication.

That comes with a couple of advantages (quite robust, easy to understand etc) but depending on the number of joiners and leavers maybe laborious to maintain and scale. And when you only provide ssh access people will need to tunnel other protocols (for instance to manage your databases)

Running a VPN server on your bastion host allows for more flexibility. A VPN also has the advantage that VPN users won’t be able to access the bastion server itself, it only provides access to the internal servers.

0

Bastion host user access

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?