You can configure password-based, SSH private key-based, or shared key-based authentication for the account of a host. After you configure an authentication method and authorize a user to manage the host and host account, the user can use the account to log on to the host without the need for authentication.
Configure password-based authentication
Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.
In the left-side navigation pane, choose .
On the Hosts page, find the host for which you want to configure a password and click the name of the host.
On the Host Account tab, create, change, or delete a password for the host.
Create or change a password
Find the host account for which you want to create or change a password and click the logon name of the account. In the Edit Host Account panel, enter a password. Then, click Verify to verify whether the password is valid.
NoteThe username and password of the host account must be the same as the username and password of your host. Password verification is performed over ports. If an error occurs during the verification, check the port settings of the host and the network connectivity between your host and Bastionhost. For more information, see Diagnose network issues.
For more information about how to troubleshoot errors returned during password verification, see What do I do if an error is returned during password verification for a new host account in Bastionhost?
Delete a password
Find the host account whose password you want to delete and click Clear in the Password column.
Configure SSH private key-based authentication
If an SSH private key is required to log on to the host on which you want to perform O&M operations, you can configure SSH private key-based authentication. To configure SSH private key-based authentication, perform the following steps:
Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.
In the left-side navigation pane, choose .
On the Hosts page, find the host for which you want to configure a private key and click the name of the host.
On the Host Account tab, find the host account for which you want to configure a private key and click Set in the SSH Private Key column.
In the Configure Private Key dialog box, enter the private key and click Save.
If you want to delete the private key, click Clear in the SSH Private Key column.
NoteBastionhost supports only Rivest-Shamir-Adleman (RSA) keys and Ed25519 keys that are generated by using the
ssh-keygenutility.For example, you can use the
ssh-keygenutility to generate a public key and a private key for a host that runs Linux. The public key is stored in the directory of the host, and the private key is exported to your computer. In this step, enter the generated private key. For more information, see How do I generate a key pair and configure key pair authentication?If password-free logon is enabled for the host, leave the Encryption Password field empty.
Configure shared key-based authentication
Before you configure shared key-based authentication, you must perform the required configurations on the Shared Key page. For more information, see Use the shared key feature.
Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.
In the left-side navigation pane, choose .
On the Hosts page, find the host for which you want to configure a key and click the name of the host.
On the Host Account tab, find the account for which you want to configure a key and click Set in the Shared Key column.
In the Set Shared Key dialog box, select the shared key that is configured for the host account and click Save.
If you want to delete the shared key, click Clear in the Shared Key column.