Connect to Bastionhost over SSH using a command-line tool or an SSH client such as Xshell, then select and access the managed hosts for O&M operations.
This topic covers the following connection methods:
Prerequisites
Before you begin, ensure that you have:
Imported the assets you want to manage into Bastionhost and authorized the user to manage those assets. For more information, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts
Obtained the O&M address of Bastionhost from the Overview page in the Bastion Host Information area. For more information, see Bastionhost page overview
(For public key authentication) Hosted the public key of your user on the bastion host. For more information, see Host the public key of a user
(For client tool connections) Installed an SSH-compatible O&M tool such as Xshell, SecureCRT, or PuTTY
Note: Bastionhost assigns fixed O&M addresses in domain name format while using dynamic IP addresses to prevent attacks. The IP address resolved from the O&M address may change. Always use the domain name address to avoid O&M failures caused by IP address changes.
For compatible database O&M tools and versions, see Database O&M tools and versions.
Usage notes
To enable password-free access, authorize the user to use the host accounts. For more information, see Authorize a user to manage assets and asset accounts.
If you do not manage specific accounts in Bastionhost, select Unauthorized Asset Accounts Are Allowed in the Special Asset Accounts section. Users can then enter the host username and password manually. For more information, see Configure O&M settings.
The default SSH port is 60022. To change it, see Configure the bastion host port number.
Log on to a bastion host by using a command-line tool
Password authentication
Run the following command to connect to the bastion host:
ssh <Username of the bastion host>@<O&M address of the bastion host> -p 60022Enter the password of the bastion host user.
If two-factor authentication (2FA) is enabled, enter the verification code. For more information, see Enable two-factor authentication.
On the asset management page, press the up or down arrow key to select the host you want to access, then press Enter.
Token authentication
Run the following command to connect to the bastion host:
ssh <Username of the bastion host>@<O&M address of the bastion host> -p 60022When prompted for a password, enter your O&M token. For more information about how to get an O&M token, see Manage an O&M token.
Select the host and perform O&M operations.
Public key authentication
Run the following command to connect to the bastion host using your private key:
ssh -i <Path to the private key file> <Username of the bastion host>@<O&M address of the bastion host> -p 60022If two-factor authentication (2FA) is enabled, enter the verification code. For more information, see Enable two-factor authentication.
On the asset management page, press the up or down arrow key to select the host you want to access, then press Enter.
Log on to a bastion host by using a client tool
The following steps use Xshell as an example.
Password authentication
Open Xshell. On the File menu, click the New icon. In the Properties of New Session dialog box, click Connection in the left pane and enter the O&M address and SSH port number under General.
In the left pane, choose Connection > Authentication. Enter the bastion host username and password, then click OK.
If two-factor authentication (2FA) is enabled, enter the verification code and click OK. For more information, see Enable two-factor authentication.
On the asset management page, press the up or down arrow key to select the host you want to access, then press Enter.
Token authentication
Open Xshell. On the File menu, click the New icon. In the Properties of New Session dialog box, click Connection in the left pane and enter the O&M address and SSH port number under General.
In the left pane, choose Connection > Authentication. Enter the bastion host username and O&M token, then click OK. For more information about how to get an O&M token, see Manage an O&M token.
Select the host and perform O&M operations.
Public key authentication
Open Xshell. On the File menu, click the New icon. In the Properties of New Session dialog box, click Connection in the left pane and enter the O&M address and SSH port number under General.
In the left pane, choose Connection > Authentication. Set Method to Public Key.
Click Setup. In the Setup Public Key dialog box, upload the private key file that matches the public key hosted on the bastion host, then click OK.
(Optional) If two-factor authentication (2FA) is enabled, enter the verification code and click OK. For more information, see Enable two-factor authentication.
On the asset management page, press the up or down arrow key to select the host you want to access, then press Enter.
Search for assets
After logging on to the bastion host, use either of the following methods to find a specific asset on the asset management page:
Quick search: Type
/+search content. Matching results are highlighted.
Filtered search: Press [Search] to enter the search page, type
ls <keyword>, and press Enter. The asset list filters to show only assets containing the keyword.For example, to filter assets containing "key", type
ls keyand press Enter.Note: For a full list of supported [Search] commands, type
helporhelp lson the search page.