Use MSTSC (Windows Remote Desktop Connection) to connect to a Bastionhost instance and access Windows hosts for O&M operations. Bastionhost proxies the Remote Desktop Protocol (RDP) connection, so you connect to the bastion host rather than directly to the target host.
How it works
When you connect to the bastion host over RDP, Bastionhost authenticates your identity and routes traffic to the target host you select. You never connect directly to the target host — the bastion host acts as an audited gateway.
Prerequisites
Before you begin, ensure that you have:
Assets and user authorization The hosts you want to manage are imported into Bastionhost, and the user account you use is authorized to manage those hosts. See Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.
To let Bastionhost access hosts without requiring you to enter credentials each time, authorize the user to use the hosts' asset accounts. See Authorize a user to manage assets and asset accounts. If no asset accounts are managed in Bastionhost, enable Unauthorized Asset Accounts Are Allowed in the Special Asset Accounts section so that you can enter the host username and password manually. See Configure O&M settings.
O&M address Obtain the O&M address from the Bastion Host Information section on the Overview page in the Bastionhost console. See Log on to the console of a bastion host.
Bastionhost supports both fixed O&M addresses and dynamic O&M IP addresses. Because the IP address behind the private O&M address may change, always connect using the O&M address rather than the IP address directly.
Connect to a host
RDP connections to Bastionhost support two authentication methods: password authentication and token authentication. Both methods share the same opening steps — the difference is how you authenticate in step 3.
Steps 1–2: Open MSTSC and enter the O&M address
Start MSTSC on your Windows server.
Enter the O&M address in the following format, then click Connect:
<O&M address>:63389For example:
kagp******-public.bastionhost.aliyuncs.com:63389The default RDP port is63389. To change the O&M port, see Configure a bastion host.
Step 3: Authenticate
Choose one of the following methods:
Password authentication
In the Remote Desktop Connection dialog box, click Yes.
In the login dialog box, enter the username and password of your Bastionhost account, then click Login.
If two-factor authentication is enabled, enter the verification code. To configure two-factor authentication, see Enable two-factor authentication.
Token authentication
On the General tab in MSTSC, enter the O&M address, enter your Bastionhost username, select Allow me to save credentials, and click Connect.
In the dialog box that appears, enter the O&M token of the bastion host, then click OK. To get an O&M token, see Manage an O&M token.
In the Remote Desktop Connection dialog box, click Yes.
Step 4: Select a host
On the asset management page, double-click the host you want to access. The host session opens.
References
For a list of remote connection tools and versions compatible with Bastionhost, see Database O&M tools and versions.