Bastionhost supports three authentication methods for host accounts: password-based, SSH private key-based, and shared key-based. Once you configure an authentication method and authorize a user to manage the host and host account, the user can log on to the host through Bastionhost without entering credentials each time.
Prerequisites
Before you begin, make sure you have:
Logged on to the console of a bastion host. See Log on to the console of a bastion host
(Required for shared key-based authentication only) Completed the shared key configuration on the Shared Key page. See Use the shared key feature
Configure password-based authentication
Use this method when users log on to the host with a username and password.
In the left-side navigation pane, choose Assets > Hosts.
On the Hosts page, find the host and click its name.
On the Host Account tab, create, change, or delete the password for the host account.
Create or change a password
Find the host account and click its logon name. In the Edit Host Account panel, enter the password, then click Verify to validate it.
Note: The username and password of the host account must match the username and password of the actual host. Password verification runs over ports. If verification fails, check the port settings of the host and the network connectivity between the host and Bastionhost. See Diagnose network issues and What do I do if an error is returned during password verification for a new host account in Bastionhost?
Delete a password Find the host account and click Clear in the Password column.
Configure SSH private key-based authentication
Use this method when the host requires SSH private key authentication. Bastionhost supports only Rivest-Shamir-Adleman (RSA) keys and Ed25519 keys generated by the ssh-keygen utility.
For example, on a Linux host, use ssh-keygen to generate a key pair: the public key is stored on the host, and the private key is exported to your local machine. You then provide the private key to Bastionhost in the steps below. See How do I generate a key pair and configure key pair authentication?
In the left-side navigation pane, choose Assets > Hosts.
On the Hosts page, find the host and click its name.
On the Host Account tab, find the host account and click Set in the SSH Private Key column.
In the Configure Private Key dialog box, enter the private key.
Note: If the host has password-free logon enabled, leave the Encryption Password field blank.
Click Save.
To delete the private key, click Clear in the SSH Private Key column.
Configure shared key-based authentication
Before you configure shared key-based authentication, you must perform the required configurations on the Shared Key page. See Use the shared key feature.
In the left-side navigation pane, choose Assets > Hosts.
On the Hosts page, find the host and click its name.
On the Host Account tab, find the host account and click Set in the Shared Key column.
In the Set Shared Key dialog box, select the shared key configured for the host account.
Click Save.
To delete the shared key, click Clear in the Shared Key column.