Questions tagged [bastion]
56 questions
24
votes
2 answers
Relationship between bastion host and jump host
What are the differences/similarities between a "bastion host" and a "jump host"? Are they usually used interchangeably?
kolistivra
12
votes
3 answers
SSH host key checking cannot disable when using proxy jump
I am trying to SSH through a jumpbox, but SSH seems to be intent on checking host keys for the jumpbox, even though I'm telling it not to, using the normal -o StrictHostKeyChecking=no -o UserKnownHostsFile=no command line options.
If I SSH directly…
siride
11
votes
3 answers
Bastion server: use TCP forwarding VS placing private key on server
We have bastion server B.
We need to SSH from A through B to C, using private key.
What is the better option:
Put the private SSH key on server B. We read that it's a bad idea to do that in a production environment.
From here:
Never place your…
user2503775
11
votes
5 answers
SSH through intermediate host fails only on myuser@mymac but works elsewhere
I am not able to connect via ssh to one of my datacenter nodes using my user on my macbook. This is a recent problem, and it was perfectly functional since ~ a couple of weeks ago.
Strangely, this only affects my user on my computer, but I am able…
RogerFC
9
votes
1 answer
Ansible - Access through Bastion w/ MFA
In my current environment, I have all my Linux servers only accessible through a bastion host, which has MFA enabled.
I've managed to get Ansible to successfully talk to servers through the bastion, the only problem is that it establishes a new…
Paul Kirby
7
votes
2 answers
ssh-keyscan through a bastion
I have some test servers running behind a bastion on Openstack. The test stack gets deleted and created often. After the stack is created I run a set of Ansible scripts to install and configure the servers. I have the process almost completely…
Steve
5
votes
1 answer
GCP: Run kubectl exec on private cluster over proxy
I have a private Kubernetes cluster with private IP.
In order to access it I have set up a bastion host with squid proxy.
It looks like this:
My host -> bastion -> private cloud
Regular kubectl commands work through proxy as expected:
$…
Erez Ben Harush
3
votes
1 answer
SSH Tunnel through bastion host
I'm having an issue with establishing an ssh tunnel through a bastion host.
Having looked through various SE questions which potentially solve the problem, nothing has.
My ssh config file (local)
Host www
HostName ***
IdentityFile…
Nick
3
votes
2 answers
Should a NAT host be separate from a Bastion host
Have a private network with servers that require SSH access. Since the instances are in a private subnet, they cannot be accessed directly via SSH and require a public Bastion host to access.
Workstation -> via SSH -> Bastion -> via SSH Forwarding…
csi
3
votes
1 answer
Tinyproxy error: Unable to connect to the server: Access denied
I installed tinyproxy 1.8.4 on a bastion host with public IP on GCP, to forward traffic to a private GKE cluster. Now I'm using ssh to connect to the bastion host with port forwarding and the connection is established correctly, however, running…
Abdelwahhab
3
votes
1 answer
How to properly make an ssh bastion, with fail2ban, in a Docker container
I've already asked the question on the Docker forums but so far no luck with a reply. I'm hoping I will have better fortune here.
I’m in the process of making an ssh bastion (with fail2ban for security) in a Docker container. The container will…
Oliver Henriot
2
votes
1 answer
SSH CA-signed key fails via bastion
I'm setting up some servers for a new system and decided to do things a little bit differently. I'm running into an issue that I just can't seem to get past though. My desired configuration is having one bastion server and N other servers that can…
3ocene
2
votes
3 answers
AWS - Bastion checking IAM permissions?
Is it possible to set up a bastion host in AWS that would be checking IAM to check if given user can connect to specific EC2 instance?
It might be a bit blurry but the idea is the following.
Let's assume that a company has 2 customers and each of them…
Tomasz Kapłoński
2
votes
0 answers
PuTTY configuration with plink for keyboard-interactive authentication
Please see EDIT #2 for latest findings
I've looked at other similar questions but, unfortunately, none of them seemed to help. This one is the closest and my symptoms are similar.
Here's the issue:
I am trying to set up the equivalent of ProxyJump…
PerennialN00b
2
votes
0 answers
Reaching any server on a separate network with proxy+ssh
I have server A sitting in network A. Server A is able to connect to a bastion host in network B via ssh. This bastion host is able to reach any port on any server in network B.
From any server in network A, I would like to be able to do something…
cat pants