Bastionhost: Perform RDP-based O&M

Last Updated: Mar 31, 2026

Connect to a Bastionhost instance from Microsoft Remote Desktop on macOS to manage Windows hosts using Remote Desktop Protocol (RDP). Bastionhost proxies the RDP session, so you access target hosts through the bastion host rather than connecting directly.

Prerequisites

Before you begin, ensure that you have:

  • Assets and user authorization — The Windows hosts and your Bastionhost user account are imported into the bastion host, and the user is authorized to manage those hosts. See Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.

    To let Bastionhost access hosts without entering credentials each time, authorize the user to use the host's asset accounts. See Authorize a user to manage assets and asset accounts. If no asset accounts are managed in Bastionhost, enable Unauthorized Asset Accounts Are Allowed under Special Asset Accounts in the O&M settings. This lets users enter host credentials manually. See Configure O&M settings.
  • O&M address — The O&M address of your bastion host, obtained from the Bastion Host Information section on the Overview page of the Bastionhost console. See Log on to the console of a bastion host.

    Bastionhost provides fixed O&M addresses and supports dynamic O&M IP addresses for security. The IP address that a private O&M address resolves to may change. Always use the O&M address (not the IP address) to avoid connection failures caused by IP changes.

  • Microsoft Remote Desktop — The Microsoft Remote Desktop client is installed on your macOS machine.

Authentication methods

Bastionhost supports two authentication methods when connecting via RDP:

Method                     Credentials required
Password authentication    Username and password of your Bastionhost account
Token authentication       Username and O&M token of your Bastionhost account

Both methods use the same connection steps. The only difference is the credential you enter in step 3.

Connect to a host

  1. Open Microsoft Remote Desktop.

  2. Enter the O&M address in the following format and click Add:

    <O&M address of the bastion host>:63389

    For example: kagp******-public.bastionhost.aliyuncs.com:63389

    The default RDP port is 63389. To change the O&M port, see Configure a bastion host.

  3. Enter your credentials and click Continue:

    • Password authentication — Enter your Bastionhost username and password.

    • Token authentication — Enter your Bastionhost username and O&M token. To get an O&M token, see Manage an O&M token.

  4. If you are using password authentication and two-factor authentication is enabled for your account, enter the verification code when prompted. To configure two-factor authentication, see Enable two-factor authentication.

  5. On the asset management page, double-click the host to start an O&M session.
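
A pre-flight check for the address entered in step 2, as an added example that is not part of the original documentation: it rejects IP literals (following the O&M address note in the prerequisites), applies the default port 63389, and builds an .rdp profile that stores neither the password nor the O&M token. The host name `demo-public.bastionhost.example`, the user `ops_user`, the function names, and the assumption that your RDP client imports .rdp files are illustrative.

```python
import ipaddress

DEFAULT_OM_RDP_PORT = 63389  # default RDP O&M port stated on this page


def parse_om_target(target):
    """Split '<O&M address>[:port]' and reject IP literals.

    The page advises using the O&M address rather than the IP it
    resolves to, because that IP may change.
    """
    target = target.strip()
    host, sep, port_text = target.rpartition(":")
    if not sep:  # no port given: fall back to the default
        host, port_text = target, str(DEFAULT_OM_RDP_PORT)
    if not port_text.isdecimal() or not 0 < int(port_text) < 65536:
        raise ValueError(f"invalid port in {target!r}")
    if not host:
        raise ValueError("empty O&M address")
    try:
        ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name
    else:
        raise ValueError(f"{host!r} is an IP address; use the O&M address")
    return host, int(port_text)


def build_rdp_profile(target, username):
    """Return .rdp file text for the bastion host; no secret is written."""
    host, port = parse_om_target(target)
    if "\r" in username or "\n" in username:
        raise ValueError("username must be a single line")
    return "\n".join([
        f"full address:s:{host}:{port}",
        f"username:s:{username}",
        "prompt for credentials:i:1",  # password or token typed at connect
        "",
    ])


if __name__ == "__main__":
    # Constructed sample values, not a real bastion host or account.
    print(build_rdp_profile("demo-public.bastionhost.example", "ops_user"))
```
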

What's next

For a list of RDP client names and versions compatible with Bastionhost, see Database O&M tools and versions.