Bastionhost provides the key management feature. This feature allows you to create keys and associate the keys with multiple host accounts at a time. This way, you can manage host accounts in a more efficient manner. This topic describes how to use the key management feature.

Background information

If you want to use Bastionhost to save your private keys, you can deploy key pairs on hosts. Then, you can use the key management feature to create a shared key and associate the shared key with different host accounts.

Step 1: Create a key

  1. Find your bastion host and click Manage. For more information, see Log on to Bastionhost.
  2. In the Create Key panel, configure Key Name, Key, and Encryption Password.
    The following table describes the parameters.
    Parameter              Description
    Key Name               The name of the key. The name must be 1 to 128 characters in length and can contain only letters, digits, periods (.), underscores (_), hyphens (-), and spaces. The name must start with a letter or a digit.
    Key                    The shared key. You can enter only a Rivest-Shamir-Adleman (RSA) key that is generated by using the ssh-keygen tool.
    Encryption Password    The password used to encrypt the shared key. This parameter is optional.
  3. Click Create.
    The key that you created appears on the Keys page.
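
The Key Name and Key constraints described in this step can be checked locally before the key is pasted into the Create Key panel. The following Python sketch is an added example, not Bastionhost code: the function names are hypothetical, "letters" is assumed to mean ASCII letters, and the sample key is a constructed header-only container rather than a usable key. Treating a passphrase-protected key as the case in which Encryption Password applies is also an assumption.

```python
import base64, re, struct

# Key Name rule from the parameter table; assumption: "letters" means ASCII letters.
KEY_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._\- ]{0,127}")
MAGIC = b"openssh-key-v1\0"

def _read(buf, off):
    """Decode one SSH wire string (uint32 length + bytes); return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(text):
    """Return (key_type, passphrase_protected) for an ssh-keygen private key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    m = re.fullmatch(r"-----BEGIN (.+)-----", lines[0]) if len(lines) >= 3 else None
    if not m or lines[-1] != f"-----END {m.group(1)}-----":
        raise ValueError("not a PEM-armored private key")
    if m.group(1) == "RSA PRIVATE KEY":  # legacy PEM container, RSA by definition
        return "ssh-rsa", lines[1] == "Proc-Type: 4,ENCRYPTED"
    blob = base64.b64decode("".join(lines[1:-1])) if m.group(1) == "OPENSSH PRIVATE KEY" else b""
    if not blob.startswith(MAGIC):
        raise ValueError("unsupported container or bad OpenSSH key magic")
    cipher, off = _read(blob, len(MAGIC))
    _, off = _read(blob, off)      # KDF name
    _, off = _read(blob, off)      # KDF options
    pub, _ = _read(blob, off + 4)  # skip the uint32 key count
    ktype, _ = _read(pub, 0)       # public blob starts with the key type
    return ktype.decode(), cipher != b"none"

def preflight(name, key_text):
    """Return (problems, passphrase_protected) for the Key Name and Key fields."""
    problems = [] if KEY_NAME_RE.fullmatch(name) else ["key name breaks the naming rule"]
    try:
        ktype, protected = inspect_private_key(key_text)
    except (ValueError, struct.error) as exc:
        return problems + [f"unreadable key: {exc}"], False
    if ktype != "ssh-rsa":
        problems.append(f"key type {ktype} is not RSA")
    return problems, protected

def constructed_sample(ktype=b"ssh-rsa", cipher=b"none"):
    """Build a constructed, header-only container for the demo; not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = MAGIC + s(cipher) + s(b"none") + s(b"") + struct.pack(">I", 1) + s(s(ktype)) + s(b"")
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{base64.b64encode(blob).decode()}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(preflight("_ops", constructed_sample(b"ssh-ed25519", b"aes256-ctr")))
```

The check reads only the unencrypted header of the key file, so it needs no passphrase and never parses the private section.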

Step 2: Associate the key that you created with a host account

  1. Find your bastion host and click Manage. For more information, see Log on to Bastionhost.
  2. On the Keys page, find the newly created key and click Associate Host Account in the Actions column.
    Note: You can associate the key only with the host accounts whose Protocol is set to SSH.
  3. In the Associate Host Account dialog box, select the host with which you want to associate the key.
    Note: You can associate a shared key with multiple host accounts. You can bind a host account to only one shared key.
  4. In the lower-left corner, click Associate.
  5. Click OK.
    After you associate the key with the host account, the key becomes the shared key of the associated host. The shared key is preferentially used to log on to the host on which you want to perform O&M operations.