Log on to a host by using a bastion host in Linux - ApsaraDB for MyBase

This topic describes how to log on to an ApsaraDB for MyBase host by using a bastion host in Linux.

Prerequisites

MySQL or PostgreSQL is selected as the engine of your ApsaraDB for MyBase dedicated cluster.
The Grant OS Permissions parameter is set to Enabled when you create an ApsaraDB for MyBase dedicated cluster. For more information, see Create a dedicated cluster.
A host account is created. For more information, see Create a host account.

Background information

A bastion host can be used to record the operations of users. All user requests are forwarded by the bastion host. This prevents the database host from connecting to the Internet and ensures the security of the database host. You can use a bastion host to log on to and manage one or more hosts on which your database instances are deployed. You can use a bastion host to log on to multiple database hosts.

Procedure

Log on to the ApsaraDB for MyBase console.
In the upper-left corner of the page, select a region.
Find the cluster that you want to manage and click Details in the Actions column.
In the left-side navigation pane, click Bastion Hosts. Find the bastion host that you want to manage, and click Associate with Bastion Host in the Actions column.
Select the ApsaraDB for MyBase host to which you want to log on and click Next.

Create a bastion host account.

Click Create Bastion Host Account. On the Create Bastion Host Account dialog box, configure the following parameters.

Parameter	Description
Username	The username of the account that can be used to log on to the bastion host. The username must meet the following requirements: The username can be up to 50 characters in length. The username contains at least three of the following types of characters: uppercase letters, lowercase letters, digits, and special characters. Special characters are `underscores (_), hyphens (-), commas (.), and percent signs (%)`.
Password	The password of the account that can be used to log on to the bastion host. The password must meet the following requirements: The password can be 8 to 64 characters in length. The password contains letters, digits, and special characters. Special characters include `at signs (@), number signs (#), and dollar signs ($)`.
Confirm Password	Enter the password of the account to confirm that you entered the correct password.
Name	Your name. You can enter up to 100 characters in length.
Email Address	Optional. Your e-mail address.
Phone Number	Optional. Your phone number.

Click Create.

Authorize the bastion host account to log on to the ApsaraDB for MyBase host.
1. Find the bastion host account and click Authorize Host in the Actions column. This way, you can log on to the Bastionhost console.
2. On the Users page, find the bastion host account and click Authorize Hosts in the Actions column.
3. On the Authorized Hosts tab, click Authorize Hosts.
4. In the Authorize Hosts panel, select the ApsaraDB for MyBase host to which you want to log on and click OK.
  Note
  After the authorization is completed, go to the Authorize Host wizard. Click View Authorized Hosts in the Authorized Host column to check the hosts to which you can log on by using the bastion host account.
Log on to the ApsaraDB for MyBase host.
1. Log on to the bastion host by running the ssh command on your terminal. Use the following command syntax:
```
ssh <Username>@<Bastion host O&M address> -p<Bastion host port>
```
  Note
  Username specifies the username that you use to create the bastion host account.
  Bastion host O&M address specifies the public endpoint of the bastion host. You can check the public endpoint of the bastion host on the Bastion Hosts page.
  Bastion host port specifies the port number of the bastion host. Default value: 60022.
  Examples
```
ssh test@wdd*****-public.bastionhost.aliyuncs.com -p60022
```
2. Enter the password of the bastion host account.
3. Move the pointer over the ApsaraDB for MyBase host and press Enter.