This topic provides answers to some frequently asked questions about Bastionhost.
Bastionhost provides more features and constantly improves user experience by rolling out scheduled version updates. Pre-sales FAQ is divided into the following sections based on different versions of bastion hosts:
FAQ about all versions of Bastionhost
Can I use a key pair for authentication when I log on to Bastionhost in SSH mode?
Can I directly connect to the IP address of an ECS instance after I purchase a bastion host?
Can I synchronize ECS instances that reside in different VPCs to a bastion host?
Am I charged for enabling SMS-based two-factor authentication?
FAQ about Bastionhost V3.2
Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost?
Can I use a key pair for authentication when I log on to a bastion host in SSH mode?
Yes, you can use a key pair or a password for authentication when you log on to a bastion host in SSH mode over port 60022. For more information about how to log on to a bastion host in SSH mode, see one of the following links based on your operating system:
Windows: SSH-based O&M
macOS: SSH-based O&M
Can I directly connect to the IP address of an ECS instance after I purchase a bastion host?
By default, bastion hosts have no control policies on IP addresses of Elastic Compute Service (ECS) instances. If no access control policies are configured for the IP address of the ECS instance, you can connect to the IP address.
To ensure the compliance and integrity of server O&M, we recommend that you configure access control policies to allow only bastion host-based O&M operations on the ECS instance. For more information about how to configure access control policies, see Create a control policy.
Can I synchronize ECS instances that reside in different VPCs to a bastion host?
The answer is based on whether the virtual private clouds (VPCs) belong to the same Alibaba Cloud account.
If the VPCs belong to different Alibaba Cloud accounts, you cannot synchronize the ECS instances to a bastion host. We recommend that you deploy bastion hosts separately within each Alibaba Cloud account. You can also manually add ECS instances to your bastion host.
Note: If you want to perform O&M on ECS instances within different Alibaba Cloud accounts, make sure that the ECS instances are configured with public IP addresses. This way, you can access the ECS instances over the Internet from your bastion host.
If the VPCs belong to the same Alibaba Cloud account, you can synchronize all the ECS instances to a bastion host.
Note: Before you perform O&M on the ECS instances that reside in different VPCs, make sure that you can access the ECS instances over an internal network by using Alibaba Cloud Express Connect or over the Internet from your bastion host.
Can I use a single bastion host to perform O&M audit on the ECS instances that reside in different VPCs or regions or on the ECS instances that are deployed within different accounts?
Yes, you can perform O&M audit on the ECS instances that reside in different VPCs or regions or are deployed within different accounts only if you can access the ECS instances from your bastion host.
For example, you created multiple ECS instances within the same Alibaba Cloud account in three regions. If you can access these ECS instances from your bastion host, you can perform O&M audits on these ECS instances.
For example, you created 13 ECS instances within the same Alibaba Cloud account. Nine ECS instances reside in the classic network and the other four ECS instances reside in a VPC. If you can access all these ECS instances from your bastion host, you can perform O&M audits on these ECS instances.
If you cannot access all these ECS instances from your bastion host, you may need to deploy multiple bastion hosts to perform O&M audits on different ECS instances.
You can use the following methods to enable communications between ECS instances and bastion hosts:
If the ECS instances for which you want to perform O&M are accessible over the Internet, add rules that allow access from the bastion hosts in the security groups of the ECS instances. For more information, see Add security group rules.
If the ECS instances for which you want to perform O&M are deployed in a VPC, connect this VPC to bastion hosts by using a Cloud Enterprise Network (CEN). For more information, see What is CEN?
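The answers above note that ECS instances remain directly reachable unless access is restricted, and that security group rules should allow access from the bastion hosts. The following check is an added example, not part of the original documentation or of any Alibaba Cloud tool: it scans a constructed list of inbound rules and reports those that expose SSH or RDP to sources other than the bastion host. The rule field names, the `low/high` port format, and the bastion IP address are assumptions made for the example.

```python
import ipaddress

# Constructed sample data. The field names and the "low/high" port format are
# assumptions for this example, not the output of a real Alibaba Cloud API.
BASTION_CIDRS = ["203.0.113.10/32"]   # placeholder egress IP of the bastion host
OM_PORTS = {22, 3389}                 # SSH and RDP

SAMPLE_RULES = [
    {"instance": "ecs-app-1", "source": "203.0.113.10/32", "ports": "22/22"},
    {"instance": "ecs-app-1", "source": "0.0.0.0/0", "ports": "443/443"},
    {"instance": "ecs-db-1", "source": "0.0.0.0/0", "ports": "22/22"},
    {"instance": "ecs-win-1", "source": "198.51.100.0/24", "ports": "3000/4000"},
    {"instance": "ecs-win-1", "source": "203.0.113.0/24", "ports": "3389/3389"},
]


def om_ports_in_rule(rule, om_ports=OM_PORTS):
    """Return the O&M ports covered by the rule's port range."""
    low, high = (int(p) for p in rule["ports"].split("/"))
    return sorted(p for p in om_ports if low <= p <= high)


def source_is_bastion_only(source, bastion_cidrs):
    """True only if every address in `source` belongs to a bastion CIDR."""
    src = ipaddress.ip_network(source, strict=False)
    for cidr in bastion_cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if src.version == net.version and src.subnet_of(net):
            return True
    return False


def find_bypass_rules(rules, bastion_cidrs=BASTION_CIDRS):
    """List (instance, source, ports) for rules that let O&M traffic skip the bastion."""
    findings = []
    for rule in rules:
        ports = om_ports_in_rule(rule)
        if ports and not source_is_bastion_only(rule["source"], bastion_cidrs):
            findings.append((rule["instance"], rule["source"], ports))
    return findings


if __name__ == "__main__":
    for instance, source, ports in find_bypass_rules(SAMPLE_RULES):
        print(f"{instance}: ports {ports} reachable from {source}, not only from the bastion host")
```

A rule whose source range is wider than the bastion address (the `/24` above) is reported even though it contains the bastion, because other hosts in that range could still reach the instance without being audited.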
Am I charged for enabling SMS-based two-factor authentication?
No, you are not charged for enabling SMS-based two-factor authentication. For more information about how to enable SMS-based two-factor authentication, see Enable two-factor authentication.
What is the operating system of bastion hosts? Can I replace this existing operating system with another operating system?
No, you cannot replace the operating system of bastion hosts. All bastion hosts run the CentOS operating system.
Why are the available regions different when I purchase bastion hosts for different Alibaba Cloud accounts?
Servers within different Alibaba Cloud account types implement physical isolation and network isolation. You can purchase bastion hosts in specific regions based on your account types, such as Alibaba Gov Cloud and Alibaba Finance Cloud accounts. For example, you can use only an Alibaba Gov Cloud account to purchase the bastion hosts deployed in the China North 2 Ali Gov 1 region. You can go to the buy page of Bastionhost to view the available regions for your account.
Can bastion hosts be customized?
No, you can select only the specifications that are offered by Alibaba Cloud. The following table describes the available specifications. For more information, see Billing.
Region Group 1, Region Group 2, and Region Group 3 in the following table refer to the following specific regions:
Region Group 1: China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Hohhot), China (Shenzhen), and China (Chengdu)
Region Group 2:
China (Hong Kong)
Asia Pacific: Japan (Tokyo), Singapore, Australia (Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), India (Mumbai), and Philippines (Manila)
Europe and Americas: US (Virginia), US (Silicon Valley), Germany (Frankfurt), and UK (London)
Region Group 3: UAE (Dubai)
Billable item | Specification | Maximum number of concurrent sessions | Service specification | Price in Region Group 1 | Price in Region Group 2 | Price in Region Group 3
Basic fee | Basic, 50 assets | 50 | | USD 250 per month | USD 400 per month | USD 750 per month
Basic fee | Basic, 100 assets | 100 | | USD 400 per month | USD 600 per month | USD 1,000 per month
Basic fee | Basic, 200 assets | 100 | | USD 550 per month | USD 700 per month | USD 1,300 per month
Basic fee | Basic, 500 assets | 500 | | USD 800 per month | USD 1,100 per month | USD 2,000 per month
Basic fee | Enterprise, 50 assets | 50 | | USD 400 per month | USD 700 per month | N/A
Basic fee | Enterprise, 100 assets | 100 | | USD 700 per month | USD 1,000 per month | N/A
Basic fee | Enterprise, 200 assets | 100 | | USD 950 per month | USD 1,300 per month | N/A
Basic fee | Enterprise, 500 assets | 500 | | USD 1,400 per month | USD 1,900 per month | N/A
Basic fee | Enterprise, 1,000 assets | 1,000 | | USD 2,500 per month | USD 3,900 per month | N/A
Basic fee | Enterprise, 2,000 assets | 1,000 | | USD 4,000 per month | USD 6,000 per month | N/A
Basic fee | Enterprise, 5,000 assets | 2,000 | | USD 5,800 per month | USD 8,800 per month | N/A
Extra Bandwidth | 10 Mbit/s | N/A | | USD 12 per Mbit/s per month | USD 15 per Mbit/s per month | USD 20 per Mbit/s per month
Which countries and regions support the SMS-based two-factor authentication feature of Bastionhost?
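Country or area | Calling code
Areas in China | Hong Kong (China): +852
Areas in China | Macao (China): +853
Areas in China | Taiwan (China): +886
Areas in China | Chinese mainland: +86
Countries and areas outside China | Australia: +61
Countries and areas outside China | Poland: +48
Countries and areas outside China | Germany: +49
Countries and areas outside China | UAE: +971
Countries and areas outside China | Russia: +7
Countries and areas outside China | France: +33
Countries and areas outside China | Philippines: +63
Countries and areas outside China | Republic of Korea: +82
Countries and areas outside China | Malaysia: +60
Countries and areas outside China | United States: +1
Countries and areas outside China | Japan: +81
Countries and areas outside China | Sweden: +46
Countries and areas outside China | Switzerland: +41
Countries and areas outside China | Spain: +34
Countries and areas outside China | Singapore: +65
Countries and areas outside China | Israel: +972
Countries and areas outside China | Italy: +39
Countries and areas outside China | India: +91
Countries and areas outside China | Indonesia: +62
Countries and areas outside China | United Kingdom: +44
Countries and areas outside China | Saudi Arabia: +966
Countries and areas outside China | Thailand: +66
Countries and areas outside China | Vietnam: +84
Countries and areas outside China | Cambodia: +855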