Use single sign-on (SSO) to launch a local client and connect to a remote host directly from the Bastionhost console or the O&M portal.
Prerequisites
Before you begin, make sure you have:
O&M permissions on the target host. For setup instructions, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.
A local client that Bastionhost Assistant supports. See Clients supported by Bastionhost Assistant.
Bastionhost Assistant installed on the same machine as the local client. See Download and install Bastionhost Assistant.
Two logon modes are available:
Password-free logon: The administrator grants O&M permissions on the asset directly to the engineer. See Authorize users or user groups to manage assets and asset accounts.
Password logon: The administrator selects Unauthorized Asset Accounts Are Allowed in the Special Asset Accounts section. In this mode, host accounts are not hosted on the bastion host. See Configure O&M settings.
Step 1/2: Configure an O&M device
Set up the local client parameters that Bastionhost Assistant uses when launching a session.
Log on to the Bastionhost console and select the target region in the top navigation bar.
In the bastion host list, find the target instance and click Manage.
In the navigation pane, choose Asset O&M > Host O&M.
On the Host O&M page, click Device Settings.
In the Device Settings panel, configure the settings for each protocol you use.
RDP
| Setting | Description |
|---|---|
| Resolution | Size of the remote desktop window. Configurable width and height. Default: 800 × 600. |
| Connection Mode | Select Connect to Management Sessions to skip permission verification for ApsaraDB RDS during Remote Desktop Protocol (RDP)-based O&M. |
| Local Devices and Resources | Local devices mapped to the remote server, including printers and clipboards. |
| Session Title | Title shown at the top of the remote desktop window. Configurable with: asset IP address, asset port, asset name, asset logon name, and protocol. Displayed only on Windows. Note: Not shown in full-screen mode by default. Spaces in the asset name appear as underscores (\_) in the title. |
| Local Drivers | Local drives mapped to the remote server. Displayed only on Windows. |
| Client Path | Full installation path of the local client. Displayed only on macOS. |
SSH
| Setting | Description |
|---|---|
| Local Client | Default local client to launch. Supported: Xshell, PuTTY, SecureCRT, MobaXterm. |
| Device Type | Terminal emulation type. Supported: VT100, xterm, Linux. |
| Encoding Method | Character encoding for the client. Default: UTF-8. |
| Session Title | Title shown in the client. Configurable with: asset IP address, asset port, asset name, asset logon name, and protocol. Displayed only on Windows. Note: Session titles cannot be modified in MobaXterm. Spaces in the asset name appear as underscores (\_) in the title. |
| Client Path | Full installation path of the local client. Displayed only on macOS. |
SFTP
| Setting | Description |
|---|---|
| Local Client | Default local client to launch. Supported: Xftp, WinSCP, FileZilla, FlashFXP, SecureFX, MobaXterm. |
| Session Title | Title shown in the client. Configurable with: asset IP address, asset port, asset name, asset logon name, and protocol. Displayed only on Windows. |
| Client Path | Full installation path of the local client. Displayed only on macOS. |
Step 2/2: Perform host O&M
Choose the access path that matches your account type, then connect to the target host.
Bastionhost console (for RAM users)
Log on to the Bastionhost console and select the target region in the top navigation bar.
In the bastion host list, find the target instance and click Manage.
In the navigation pane, choose Asset O&M > Host O&M.
Find the host you want to connect to.
In the Remote Connection column, click the drop-down arrow. In the dialog box, select a host account, set Logon Method to Local Client Logon, and then click Log On.
O&M portal (for non-RAM users)
Log on to the O&M portal. For instructions, see Log on to the O&M portal.
In the left navigation bar, click Host.
In the Remote Connection column, click the drop-down arrow. In the dialog box, select a host account, set Logon Method to Local Client Logon, and then click Log On.