6
edits
SSH to a server via Bastion: Difference between revisions
no edit summary
Vrocheleau (talk | contribs) (Created page with "== Bastion in a nutshell == [https://ovh.github.io/the-bastion/index.html The Bastion] is a single point of entry for SSH connections. Some servers in SD4H may not be publicly accessible from the public internet for security reasons. Bastion is used as an SSH proxy to connect users to servers. == Creating the Bastion alias == For your convenience, it is recommended to create an alias for the Bastion connection:") |
Vrocheleau (talk | contribs) No edit summary |
||
| Line 6: | Line 6: | ||
Bastion is used as an SSH proxy to connect users to servers. | Bastion is used as an SSH proxy to connect users to servers. | ||
== | == User guide == | ||
For your convenience, it is recommended to create an alias for the Bastion connection: | === Prerequisites === | ||
To use Bastion, an administrator must create an account for you. | |||
Please include the public SSH key you will use to connect to Bastion in your request for an account. | |||
After creating your account, the administrator will get back to you with your Bastion user name. | |||
=== Creating the Bastion alias === | |||
For your convenience, it is recommended to create an alias for the Bastion connection:<syntaxhighlight lang="bash"> | |||
alias bssh='ssh -t <YOUR BASTION USERNAME>@bastion.sd4h.ca --' | |||
</syntaxhighlight>After adding the alias, you can connect to Bastion!<syntaxhighlight lang="bash"> | |||
# Interactive mode (signs out when idle) | |||
bssh # SSH into Bastion | |||
help # runs the Bastion 'help' command | |||
# Non-interactive mode equivalent with '--osh' | |||
bssh --osh help | |||
</syntaxhighlight> | |||
=== Permissions === | |||
Bastion uses the principle of least privileges, meaning that users must be granted explicit access to servers. | |||
As such, a fresh Bastion user will not have access to anything at first, accesses must be granted by an administrator. | |||
=== Listing your server accesses === | |||
The <code>selfListAccesses</code> command lists the servers you have access to in Bastion. | |||
To view your accesses, simply run the command:<syntaxhighlight lang="bash"> | |||
bssh --osh selfListAccesses | |||
# Dear <USERNAME>, you have access to the following servers: | |||
# IP PORT USER ACCESS-BY ADDED-BY ADDED-AT | |||
# -------------- ---- -------------- ---------------------- ---------- ---------- | |||
# <SERVER 1 IP> 22 <SERVER 1 USER> <GROUP>(group-member) vrocheleau 2024-09-11 | |||
# <SERVER 2 IP> 22 <SERVER 2 USER> personal vrocheleau 2024-09-11 | |||
</syntaxhighlight> | |||
=== Connecting to a server === | |||
You can connect to any server that is listed by the <code>selfListAccesses</code> command. | |||
Taking the example output from the previous section:<syntaxhighlight lang="bash"> | |||
# connect to "SERVER 1" | |||
bssh <SERVER 1 USER>@<SERVER 1 IP> | |||
# connect to "SERVER 2" | |||
bssh <SERVER 2 USER>@<SERVER 2 IP> | |||
</syntaxhighlight> | |||
=== Access types === | |||
Coming soon! | |||
==== Group ==== | |||
==== Personal ==== | |||