This topic provides answers to some frequently asked questions about Bastionhost.

Can I use a key pair for authentication when I log on to a bastion host in SSH mode?

Yes, you can use a key pair or a password for authentication when you log on to a bastion host in SSH mode over port 60022. For more information about how to log on to the bastion host in SSH mode, see the following content based on your system:

Can I directly connect to the IP address of an ECS instance after I purchase a bastion host?

By default, bastion hosts have no control policies on IP addresses of ECS instances. If an access control policy on the ECS instance is not configured, you can connect to the IP address of the ECS instance.
Note: To ensure the compliance and integrity of server O&M, we recommend that you configure access control policies to allow O&M on ECS instances only over bastion hosts. For more information about how to configure access control policies, see Create a control policy.

Can I synchronize ECS instances that reside in different VPCs to a bastion host?

The answer is based on whether the VPCs belong to the same Alibaba Cloud account.

  • If the VPCs belong to different Alibaba Cloud accounts, you cannot synchronize the ECS instances to a bastion host. We recommend that you deploy bastion hosts separately within each Alibaba Cloud account. You can also manually add ECS instances to a bastion host.
    Note: If you want to perform O&M on ECS instances within different Alibaba Cloud accounts, make sure that the ECS instances are configured with public IP addresses. This way, you can access the ECS instances over the Internet from your bastion host.
  • If the VPCs belong to the same Alibaba Cloud account, you can synchronize all the ECS instances to a bastion host.
    Note: Before you perform O&M on the ECS instances that reside in different VPCs, make sure that you can access the ECS instances over an internal network by using Alibaba Cloud Express Connect or over the Internet from your bastion host.

Can I use a single bastion host to perform O&M audit on the ECS instances that reside in different VPCs or regions or are deployed within different accounts?

Yes, you can perform O&M audit on the ECS instances that reside in different VPCs or regions or are deployed within different accounts only if you can access the ECS instances from your bastion host.

For example, you created more than 10 ECS instances within the same Alibaba Cloud account in the China (Qingdao), China (Beijing), and China (Zhangjiakou) regions. If you can access these ECS instances from your bastion host, you can perform O&M audits on these ECS instances.

For example, you created 13 ECS instances within the same Alibaba Cloud account. Nine ECS instances reside in the classic network and the other four ECS instances reside in a VPC. If you can access all these ECS instances from your bastion host, you can perform O&M audits on these ECS instances.
Note: If you cannot access all these ECS instances from your bastion host, you may need to deploy multiple bastion hosts to perform O&M audits on different ECS instances.
You can use the following methods to enable communications between ECS instances and bastion hosts:
  • If the ECS instances for which you want to perform O&M are accessible over the Internet, add rules that allow access from the bastion hosts in the security groups of the ECS instances. For more information, see Add security group rules.
  • If the ECS instances for which you want to perform O&M are deployed in a VPC, connect this VPC to bastion hosts by using a Cloud Enterprise Network (CEN). For more information, see What is CEN?.
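
The recommendation above to allow O&M on ECS instances only over bastion hosts, together with the security group rules that admit the bastion host, can be checked with a small audit. The following is an added example, not code from Alibaba Cloud: the rule fields, the port set, and the addresses are assumptions, and the sample rules are constructed.

```python
import ipaddress

# O&M ports to audit: SSH and RDP (assumed set for this example).
OM_PORTS = {22, 3389}

def covers_port(port_range, port):
    """PortRange is 'low/high'; '-1/-1' is treated as all ports (assumed format)."""
    low, high = (int(p) for p in port_range.split("/"))
    return (low, high) == (-1, -1) or low <= port <= high

def audit_rules(rules, bastion_cidrs):
    """Return (findings, bastion_ports) for ingress Accept rules.

    findings: (source CIDR, O&M ports) for sources outside the bastion CIDRs.
    bastion_ports: O&M ports the bastion host itself is allowed to reach.
    Priority and Drop rules are not evaluated; every Accept rule is reported.
    """
    allowed = [ipaddress.ip_network(c) for c in bastion_cidrs]
    findings, bastion_ports = [], set()
    for rule in rules:
        if rule["Direction"] != "ingress" or rule["Policy"] != "Accept":
            continue
        if rule["IpProtocol"].upper() not in ("TCP", "ALL"):
            continue
        ports = {p for p in OM_PORTS if covers_port(rule["PortRange"], p)}
        if not ports:
            continue
        src = ipaddress.ip_network(rule["SourceCidrIp"], strict=False)
        # Acceptable only if the source sits wholly inside a bastion CIDR.
        if any(src.version == n.version and src.subnet_of(n) for n in allowed):
            bastion_ports |= ports
        else:
            findings.append((rule["SourceCidrIp"], sorted(ports)))
    return findings, bastion_ports

# Constructed sample: bastion egress IP and security group rules (not real data).
BASTION_CIDRS = ["203.0.113.10/32"]
SAMPLE_RULES = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "203.0.113.10/32"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "ALL",
     "PortRange": "-1/-1", "SourceCidrIp": "198.51.100.0/24"},
]
```

An empty findings list with the expected ports in bastion_ports means the instance accepts O&M traffic only from the bastion host.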

Am I charged for enabling text message-based two-factor authentication?

No, you are not charged for enabling text message-based two-factor authentication. For more information about how to enable text message-based two-factor authentication, see Enable two-factor authentication.

What is the default operating system of bastion hosts? Can I replace this existing operating system with another operating system?

Bastion hosts run the CentOS operating system. You cannot replace the operating system.

Why are the available regions different when I purchase bastion hosts for different Alibaba Cloud accounts?

Servers for different Alibaba Cloud account types are physically isolated and network-isolated from each other. You can purchase bastion hosts in specific regions based on your account types, such as Alibaba Gov Cloud and Alibaba Finance Cloud accounts. For example, you can use only an Alibaba Gov Cloud account to purchase the bastion hosts deployed in the China North 2 Ali Gov 1 region. You can go to the buy page of Bastionhost to view the available regions for your account.

Can bastion hosts be customized?

No, you can select only the specifications that are offered by Alibaba Cloud. The following table describes the available specifications. For more information, see Billing.

| Billable items | Number of assets | Number of concurrent sessions | Product specifications | Price in China (Hong Kong), Singapore (Singapore), Australia (Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), Japan (Tokyo), Germany (Frankfurt), UK (London), US (Virginia), US (Silicon Valley), and India (Mumbai) | Price in China (Shanghai), China (Shenzhen), China (Qingdao), China (Beijing), China (Hohhot), and China (Chengdu) | Price in UAE (Dubai) |
| --- | --- | --- | --- | --- | --- | --- |
| Basic fee, Basic edition | 50 | 50 | Bandwidth: 8 Mbit/s; Storage: 1 TB | USD 400 per month | USD 250 per month | USD 750 per month |
| Basic fee, Basic edition | 100 | 100 | Bandwidth: 8 Mbit/s; Storage: 1 TB | USD 600 per month | USD 400 per month | USD 1,000 per month |
| Basic fee, Basic edition | 200 | 100 | Bandwidth: 8 Mbit/s; Storage: 1 TB | USD 700 per month | USD 550 per month | USD 1,300 per month |
| Basic fee, Basic edition | 500 | 500 | Bandwidth: 16 Mbit/s; Storage: 2 TB | USD 1,100 per month | USD 800 per month | USD 2,000 per month |
| Basic fee, HA edition | 50 | 50 | Bandwidth: 12 Mbit/s; Storage: 2 TB | USD 700 per month | USD 400 per month | Not supported |
| Basic fee, HA edition | 100 | 100 | Bandwidth: 12 Mbit/s; Storage: 2 TB | USD 1,000 per month | USD 700 per month | Not supported |
| Basic fee, HA edition | 200 | 100 | Bandwidth: 12 Mbit/s; Storage: 2 TB | USD 1,300 per month | USD 950 per month | Not supported |
| Basic fee, HA edition | 500 | 500 | Bandwidth: 24 Mbit/s; Storage: 3 TB | USD 1,900 per month | USD 1,400 per month | Not supported |
| Basic fee, HA edition | 1,000 | 1,000 | Bandwidth: 24 Mbit/s; Storage: 3 TB | USD 3,900 per month | USD 2,500 per month | Not supported |
| Basic fee, HA edition | 2,000 | 1,000 | Bandwidth: 24 Mbit/s; Storage: 3 TB | USD 6,000 per month | USD 4,000 per month | Not supported |
| Basic fee, HA edition | 5,000 | 2,000 | Bandwidth: 48 Mbit/s; Storage: 4 TB | USD 8,800 per month | USD 5,800 per month | Not supported |
| Extra bandwidth, Increment: 10 Mbit/s | N/A | N/A | | USD 15 per Mbit/s per month | USD 12 per Mbit/s per month | USD 20 per Mbit/s per month |

Which countries and regions support the text message-based two-factor authentication feature of Bastionhost?

The following table lists the countries and regions that support the text message-based two-factor authentication feature of Bastionhost.

| Region | Country or special administrative region: calling code |
| --- | --- |
| China | Hong Kong (China): +852; Macau (China): +853; Taiwan (China): +886; Mainland China: +86 |
| Outside China | Russia: +7; Singapore: +65; Malaysia: +60; Indonesia: +62; Germany: +49; Australia: +61; US: +1; Dubai: +971; Japan: +81; UK: +44; India: +91; South Korea: +82; Philippines: +63; Switzerland: +41; Sweden: +46; France: +33; Israel: +972; Italy: +39 |