Bastionhost manages O&M access to hosts from multiple sources — Alibaba Cloud Elastic Compute Service (ECS) instances, on-premises servers, and servers on other cloud platforms. Before you can connect to a host through Bastionhost, import it into your bastion host instance.
How it works
When you import a host, Bastionhost registers the host's address and network reachability information. All subsequent SSH or Remote Desktop Protocol (RDP) sessions go through the bastion host — the bastion host acts as the single entry point, enforcing access control. If the host is not directly reachable from the bastion host (for example, it sits in a different network segment), configure a network domain with a proxy so that the bastion host can forward traffic to it.
Choose an import method
| Method | Use when |
|---|---|
| Import ECS instances — current account | Your hosts are ECS instances under the same Alibaba Cloud account |
| Import ECS instances — member accounts | Your hosts are ECS instances under other accounts managed through Resource Directory |
| Create a host manually | Your hosts are on-premises servers or servers on other cloud platforms, and you are adding a small number |
| Import hosts from a file | Your hosts are on-premises or from other clouds, and you are importing a large number at once |
| Import from a third-party asset source | Your hosts are on Tencent Cloud, Huawei Cloud, Amazon Web Services (AWS), or another configured third-party source |
Prerequisites
Before you begin, ensure that you have:
Access to the Bastionhost console and a bastion host instance already created
ECS instances created (for ECS import methods). For details, see Create an instance on the Custom Launch tab
Member accounts added to the bastion host (for member account imports). For details, see Multi-account management
Third-party asset source credentials configured in Bastionhost (for third-party imports). For details, see Manage third-party asset sources
Import ECS instances from the current account
Import multiple ECS instances from your current Alibaba Cloud account in a single operation.
Importing an ECS instance does not affect the instance's running state.
Log on to the Bastionhost console. In the top navigation bar, select the region where your bastion host resides.
In the bastion host list, find the bastion host and click Manage.
In the left-side navigation pane, choose Assets > Hosts.
Choose Import ECS Instances > Import Instances of Current Account.
In the Select Region dialog box, select the region of the ECS instances and click OK.
In the Import ECS Instances dialog box, select the instances to import and click Import.
Import ECS instances from member accounts
If you manage multiple Alibaba Cloud accounts through Resource Directory, import ECS instances from member accounts for centralized O&M.
Log on to the Bastionhost console. In the top navigation bar, select the region where your bastion host resides.
In the bastion host list, find the bastion host and click Manage.
In the left-side navigation pane, choose Assets > Hosts.
Choose Import ECS Instances > Import Instances of Member Accounts.
In the Select Alibaba Cloud Account step, select the account whose instances you want to import and click Next.
In the Select Region step, select the region of the instances and click OK.
In the Import ECS Instances dialog box, select the instances to import and click Import.
Add a host manually
Specify host details directly to register a single on-premises or third-party cloud server.
Log on to the Bastionhost console. In the top navigation bar, select the region where your bastion host resides.
In the bastion host list, find the bastion host and click Manage.
In the left-side navigation pane, choose Assets > Hosts.
Choose Import Other Hosts > Create Host.
In the Create Host panel, fill in the parameters and click Create.
Parameter Description Operating System OS of the host. Linux and Windows are supported. Host IP Address IPv4 address or domain name of the host. For example, 192.168.XX.XXorwww.example.com.Hostname A custom name for the host. Must be 1–128 characters, cannot start with a special character, and can contain periods ( .), underscores (_), hyphens (-), and spaces.Network Domain The network path the bastion host uses to reach this host. The default Direct Network (Direct Connection) means the bastion host connects directly, without a proxy. If the host is not directly reachable, select a network domain configured with a proxy server. For details, see Use the network domain feature. Asset Group The asset group to assign this host to. Asset groups let you organize and manage hosts of the same type together. For details, see Manage asset groups. Remarks An optional label to identify the host.
Import hosts from a file
Use a template file to register multiple hosts at once. The downloadable template package includes XLS, CSV, and XLSX formats.
Log on to the Bastionhost console. In the top navigation bar, select the region where your bastion host resides.
In the bastion host list, find the bastion host and click Manage.
In the left-side navigation pane, choose Assets > Hosts.
From the Import Other Hosts drop-down list, select Import Hosts from File.
In the Import Hosts panel, click Download Host Template. Decompress the package, open a template file in your preferred format, enter the host information, and save the file.
In the Import Hosts panel, click Upload and select the template file you saved.
In the Preview dialog box, select the hosts to import and click Import.
In the Import Hosts panel, confirm the host information and click Import Hosts.
Import hosts from a third-party asset source
Pull hosts directly from Tencent Cloud, Huawei Cloud, AWS, or another third-party source you have configured.
Log on to the Bastionhost console. In the top navigation bar, select the region where your bastion host resides.
In the bastion host list, find the bastion host and click Manage.
In the left-side navigation pane, choose Assets > Hosts.
Click Import Other Hosts and select the third-party asset source from the drop-down list.
In the Import Third-party Hosts dialog box, select the hosts to import and click Import.
Verify the import
After the import completes, confirm the hosts appear in Bastionhost:
In the left-side navigation pane, choose Assets > Hosts.
Check that the imported hosts are listed with the correct hostnames and IP addresses.
If a host does not appear, check that:
The host's IP address or domain name is correct and reachable from the bastion host
A proxy-based network domain is configured if the host is not directly reachable
What's next
Add a host account — Bastionhost requires at least one host account (the OS-level login credential) before you can open a session. See Manage a host account.
Change the service port — If the host uses a non-default SSH or RDP port, update it before connecting. See Change the service port of a host.
Manage hosts — Edit, group, or remove registered hosts. See Manage hosts.