| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== Bastion in a nutshell == | == Bastion in a nutshell == | ||
[https://ovh.github.io/the-bastion/index.html The Bastion] is a single point of entry for SSH connections. | [https://ovh.github.io/the-bastion/index.html The Bastion] is a single point of entry for SSH connections. Like an http reverse proxy for ssh, it is used to connect to other servers. | ||
Some servers in SD4H may not be publicly accessible from the public internet for security reasons. | Some servers in SD4H may not be publicly accessible from the public internet for security reasons. | ||
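Review bot: The sentence added to the opening paragraph writes "http" and "ssh" in lowercase, while the same line already uses "SSH connections". Suggest "Like an HTTP reverse proxy for SSH, it is used to connect to other servers." so the protocol names are consistent.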
| Line 26: | Line 26: | ||
# Non-interactive mode | # Non-interactive mode | ||
# Directly to an external, registered server. | # Directly to an external, registered server. | ||
In a direct connection, | In a direct connection, The Bastion acts as a transparent pass-through. This is the most convenient, likely and common way you will connect. See the "Connecting to a server" section below. | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
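Review bot: The completed sentence "This is the most convenient, likely and common way you will connect" stacks three near-synonyms. "This is the most common and convenient way to connect" says the same thing more cleanly. The pointer to the "Connecting to a server" section would also hold up better as a wiki section link than as a quoted title, so that renaming the heading later does not leave the reference dangling.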
| Line 66: | Line 66: | ||
bssh <SERVER 2 USER>@<SERVER 2 IP> | bssh <SERVER 2 USER>@<SERVER 2 IP> | ||
</syntaxhighlight>OpenStack provides name resolution for VMs on the same network. If the Bastion server is on the same OpenStack network as the destination servers, you may use the VM name rather than its IP address. This makes using bssh essentially identical to using ssh (though rather than a destination domain name, the VM name is used). <syntaxhighlight lang="bash"> | </syntaxhighlight>OpenStack provides name resolution for VMs on the same network. If the Bastion server is on the same OpenStack network as the destination servers, you may use the VM name rather than its IP address. This makes using bssh essentially identical to using ssh (though rather than a destination domain name, the VM name is used). <syntaxhighlight lang="bash"> | ||
bssh <SERVER 1 USER>@<SERVER 1 | bssh <SERVER 1 USER>@<SERVER 1 HOSTNAME> | ||
</syntaxhighlight> | |||
=== Typical Commands === | |||
The Bastion has a lot of commands available. Autocomplete is very helpful and removes the need to remember a whole new set of CLI commands. For a typical user, the [potentially] most relevant are: <syntaxhighlight lang="bash"> | |||
# Show a help message, including available commands. | |||
help | |||
# Basic info about your account. | |||
info | |||
# List accessible servers. | |||
selfListAccess | |||
# Generate scp passthrough script. | |||
scp | |||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Using scp, sftp, rsync through The Bastion === | === Using scp, sftp, rsync through The Bastion === | ||
It is possible to scp files in both directions through The Bastion using a special script that The Bastion will generate for you. Follow the [https://ovh.github.io/the-bastion/plugins/open/scp.html scp setup directions] found in The Bastion documentation. | |||
Check the scp-via-bastion script The Bastion generates - it may need some minor tweaking.<syntaxhighlight lang="bash"> | |||
# Check | |||
BASTION_CMD="ssh davidbr@bastion-candig " | |||
# Change to FQDN or IP address, if needed. | |||
BASTION_CMD="ssh davidbr@198.168.188.147 " # Or @<DOMAIN NAME> | |||
</syntaxhighlight>The scp-via-bastion script may also be renamed (or aliased) and moved from $HOME to a directory within the user's $PATH (such as ~/.local/bin/). | |||
=== Access types === | === Access types === | ||
The Bastion provides both Group and Personal access methodologies. Which method you use depends on The Bastion configurations. Your connections will work the same no matter which method is used, so from a user perspective, the distinction is moot. | |||
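Review bot: The BASTION_CMD examples in the new scp section hardcode what appears to be one person's account name and a specific address ("ssh davidbr@bastion-candig", "ssh davidbr@198.168.188.147"), whereas the rest of the page uses placeholders such as "<SERVER 1 USER>@<SERVER 1 HOSTNAME>". Suggest the same placeholder style here, for example "ssh <BASTION USER>@<BASTION IP>", so readers do not copy someone else's login and the documentation does not publish an individual username alongside the entry point's address. The "# Check" comment is also incomplete (it does not say what to check), and "[potentially] most relevant" under Typical Commands reads better without the brackets.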