Use an SSH client or a third-party SSH tool to log in to your Bastionhost instance and connect to managed host assets for O&M. This topic uses macOS terminal (command-line) and ZOC 8 as examples.
Prerequisites
Before you begin, ensure that you have:
Hosts and a user added to the bastion host, with the user authorized to manage those hosts. For details, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts
The O&M address of the Bastionhost instance, available in the Bastion Host Information section on the Overview page. For details, see Overview of the Bastionhost console
(For public key authentication) The user's public key hosted on the bastion host. For details, see Host the public key of a user
(For client tool O&M) An SSH-compatible O&M tool installed, such as ZOC 8. For compatible database O&M tools, see Database O&M tools and versions
Bastionhost provides a fixed O&M address in domain name format and uses dynamic IP addresses to prevent attacks. Always use the domain name rather than the IP address to avoid O&M failures caused by IP address changes.
Access accounts for hosts:
To allow the bastion host to access a host without entering credentials manually, authorize the user to use that host's accounts. For details, see Authorize a user to manage the accounts of one or more assets.
If no specific accounts are managed in the bastion host, select Unauthorized Asset Accounts Are Allowed in the Special Asset Accounts section. This lets the user enter the host's username and password manually to connect. For details, see Configure O&M settings.
Connect via command-line tool
The default SSH port for Bastionhost is 60022. To change the port, see Configure the bastion host port number.
Password authentication
Open a terminal.
Run the following command, replacing
<username>with your bastion host username and<O&M-address>with the O&M address from the console:ssh <username>@<O&M-address> -p 60022Enter the bastion host user's password when prompted.
If two-factor authentication (2FA) is enabled for the user, enter the verification code. To configure 2FA, see Enable two-factor authentication.
On the asset management page, use the up and down arrow keys to select the target host, then press Enter to connect. For search tips, see Search for assets.
Token authentication
Open a terminal.
Run the following command, replacing
<username>with your bastion host username and<O&M-address>with the O&M address:ssh <username>@<O&M-address> -p 60022Enter your O&M token when prompted. To get a token, see Manage an O&M token.
Perform O&M operations on the host.
Public key authentication
Open a terminal and run the following command, replacing
<private-key-path>,<username>, and<O&M-address>with your values:ssh -i <private-key-path> <username>@<O&M-address> -p 60022If two-factor authentication is enabled, enter the verification code. To configure 2FA, see Enable two-factor authentication.
On the asset management page, use the up and down arrow keys to select the target host, then press Enter to connect. For search tips, see Search for assets.
Connect via ZOC 8
The following steps use ZOC 8 as an example client tool. The default SSH port is 60022.
Password authentication
Launch ZOC 8 and click Host Directory.
On the Host tab, enter the O&M address of the bastion host, set the port to 60022, and click OK.
On the Login tab, enter the bastion host username and password, then click OK.
If two-factor authentication is enabled, enter the verification code and click OK. To configure 2FA, see Enable two-factor authentication.
On the asset management page, use the up and down arrow keys to select the target host, then press Enter to connect.
Token authentication
Launch ZOC 8 and click Host Directory.
On the Host tab, enter the O&M address of the bastion host, set the port to 60022, and click OK.
On the Login tab, enter the username and password that are used to access the bastion host, then click OK. To get a token, see Manage an O&M token.
Perform O&M operations on the host.
Search for assets
After logging in, search for a target host in either of the following ways:
Quick search: Type
/+search content. Matching results are highlighted in the list.Bastionhost Search feature: Click [Search]. On the [Search] page, enter
ls <keyword>and press Enter to filter hosts by keyword.
For a full list of [Search] commands, enter help or help ls on the [Search] page.