To perform O&M operations on a host from a client, use a command-line tool or database O&M tool to log on to a bastion host. Then, you can use the bastion host to select the host assets for O&M. This topic describes how to perform O&M operations on assets by connecting to a bastion host from an SSH client on a Windows server.
Prerequisites
The assets that you want to manage and a user are imported to the bastion host. The user is authorized to manage the assets. For more information, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.
NoteTo enable the bastion host to access the hosts in password-free mode, authorize the user to use the accounts of the hosts. For more information, see Authorize a user to manage assets and asset accounts.
If you do not manage specific accounts in the bastion host, you can select Unauthorized Asset Accounts Are Allowed in the Special Asset Accounts section. This way, the user can manually enter the username and password of the host to access and perform O&M operations on the host. For more information about how to enable a special asset account, see Configure O&M settings.
You have obtained the O&M address of Bastionhost. You can obtain the O&M address on the Overview page in the Bastion Host Information area. For more information, see Bastionhost page overview.
NoteBastionhost provides fixed O&M addresses in domain name pattern, while using dynamic IP addresses to ensure security against attacks. The IP address resolved from the O&M address may change. You should use the domain name address assigned by Bastionhost for O&M operations to avoid O&M failures due to IP address changes.
The public key of a user is hosted on the bastion host if you want to log on to the bastion host by using the public key of the user. For more information, see Host the public key of a user.
An O&M tool that supports SSH, such as Xshell, SecureCRT, and PuTTY, is installed if you want to use a client tool for asset O&M.
For more information about the database O&M tools and versions that are compatible with Bastionhost, see Database O&M tools and versions.
Log on to a bastion host by using a command-line tool
Password authentication
Start the command-line tool and enter
ssh <Username of the bastion host>@<O&M address of the bastion host> -p 60022.By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure the bastion host port number.
Enter the password of the bastion host user.
If two-factor authentication is enabled for bastion host users, enter the verification code.
For more information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.
On the asset management page that appears, select the host for which you want to perform O&M operations by pressing the upward or downward arrow key, and press Enter to access the host for O&M.
Token authentication
Start the command-line tool and enter
ssh <Username of the bastion host>@<O&M address of the bastion host> -p 60022.By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure the bastion host port number.
In the Password section, enter the O&M token of the bastion host. For more information about how to obtain an O&M token, see Manage an O&M token.
Perform O&M operations on the host.
Public key authentication
Start the command-line tool and enter
ssh -i <Path to the private key file> <Username of the bastion host>@<O&M address of the bastion host> -p 60022.By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure the bastion host port number.
If two-factor authentication is enabled for bastion host users, enter the verification code. For more information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.
On the asset management page that appears, select the host for which you want to perform O&M operations by pressing the upward or downward arrow key, and press Enter to access the host for O&M.
Log on to a bastion host by using a client tool
Password authentication
Start Xshell. Click the New icon on the File menu. In the Properties of New Session dialog box that appears, click Connection in the navigation pane on the left and enter an O&M address and an SSH port number in the General section.
By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure the bastion host port number.
In the navigation pane on the left, choose Connection > Authentication, enter the username and password that are used to access the bastion host, and then click OK.
If two-factor authentication is enabled for bastion host users, enter the verification code and click OK.
For more information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.
On the asset management page that appears, select the host for which you want to perform O&M operations by pressing the upward or downward arrow key, and press Enter to access the host for O&M.
Token authentication
Start Xshell. Click the New icon on the File menu. In the Properties of New Session dialog box that appears, click Connection in the navigation pane on the left and enter an O&M address and an SSH port number in the General section.
By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure the bastion host port number.
In the navigation pane on the left, choose Connection > Authentication, enter the username and O&M token that are used to access the bastion host, and click OK. For more information about how to obtain an O&M token, see Manage an O&M token.
Perform O&M operations on the host.
Public key authentication
Start Xshell. Click the New icon on the File menu. In the Properties of New Session dialog box that appears, click Connection in the navigation pane on the left and enter an O&M address and an SSH port number in the General section.
By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure the bastion host port number.
In the navigation pane on the left, choose Connection > Authentication, and set Method to Public Key.
Click Setup. In the Setup Public Key dialog box, upload the private key file that matches the public key hosted on the bastion host and click OK.
Optional: If two-factor authentication is enabled for bastion host users, enter the verification code and click OK.
For more information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.
On the asset management page that appears, select the host for which you want to perform O&M operations by pressing the upward or downward arrow key, and press Enter to access the host for O&M.
How to search asset
You can use one of the following methods to search for specific assets:
Use
/+search content. The search results are highlighted, as shown in the following figure:
Use the search feature provided by Bastionhost to filter specific assets by keyword.
For example, if you need to filter assets by the keyword "key", you can click [Search], enter the [Search] page, enter "ls key", and press Enter. The asset list interface automatically filters assets that contain "key". The following figure shows an example:
NoteFor more information about the [Search] command, enter
helporhelp ls.