When you manage dozens of host accounts, keeping a separate private key for each account creates overhead: any key rotation requires updating every account individually. The shared key feature in Bastionhost lets you store a single private key centrally and associate it with multiple SSH host accounts at once. When the shared key is associated, Bastionhost uses it as the preferred credential when logging on to the host for O&M.
Prerequisites
Before you begin, ensure that you have:
A Bastionhost instance with at least one host added under Assets
One or more host accounts with Protocol set to SSH (shared keys only work with SSH accounts)
An RSA or Ed25519 private key ready to import
To generate a key if you don't have one:
# RSA
ssh-keygen -t rsa -b 4096 -f ~/.ssh/my_shared_key
# Ed25519
ssh-keygen -t ed25519 -f ~/.ssh/my_shared_key
Copy the contents of the private key file (for example, ~/.ssh/my_shared_key) when filling in the Private Key field.
Create a shared key and associate it with host accounts
Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance resides.
In the bastion host list, find the Bastionhost instance you want to manage and click Manage.
In the left-side navigation pane, choose Assets > Shared Key.
On the Shared Key page, click Create Private Key.
In the Create Private Key panel, fill in the following fields:
Field: Description
Name: A display name for the shared key
Private Key: Paste the full contents of your RSA or Ed25519 private key file
Encryption Password: The passphrase that protects the private key, if one was set during key generation. Leave blank if the key has no passphrase.
Click Create. When the Finish confirmation appears, click Associate Host Account.
On the Associate Host Account page, select the SSH host accounts to link to this key.
To associate multiple accounts at once: select the accounts, then click Associate in the lower-left corner.
To associate a single account: click Associate in the Actions column for that account.
Note: You can only associate a shared key with host accounts whose Protocol is set to SSH. A shared key can be linked to multiple host accounts, but each host account can only be linked to one shared key.
Click OK to confirm.
If you skipped the association step after creation, go back to the Shared Key page and click Associate Host Account in the Actions column of the key.
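A pre-import check for the Private Key and Encryption Password fields described above, added here as an example and not part of the Bastionhost documentation: it reads the unencrypted header of a private key file and reports the key type and whether a passphrase is set. The function names, the accepted-type set (taken from the prerequisites) and the constructed sample containers are assumptions made for this example.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
# Assumption: the accepted types are the two the prerequisites name.
ACCEPTED = {"ssh-rsa", "ssh-ed25519"}

def _read_string(buf, off):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(text):
    """Return (key_type, has_passphrase, accepted) without decrypting the key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0][len("-----BEGIN "):-len("-----")]
    if label == "RSA PRIVATE KEY":  # legacy PEM written by older ssh-keygen
        enc = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        return "ssh-rsa", enc, True  # accepted reflects the key type only
    if label != "OPENSSH PRIVATE KEY":
        raise ValueError("unrecognised key container: " + label)
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad OpenSSH key magic")
    cipher, off = _read_string(blob, len(MAGIC))
    _kdf, off = _read_string(blob, off)
    _kdf_opts, off = _read_string(blob, off)
    pub, _ = _read_string(blob, off + 4)  # skip the uint32 key count
    key_type = _read_string(pub, 0)[0].decode("ascii")
    return key_type, cipher != b"none", key_type in ACCEPTED

def constructed_sample(key_type, cipher=b"none"):
    """Build a non-functional container with dummy key bytes, for the demo only."""
    s = lambda b: struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = (MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
            + s(s(key_type) + s(b"\x00" * 32)) + s(b""))
    body = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for kt, c in ((b"ssh-ed25519", b"none"), (b"ssh-rsa", b"aes256-ctr")):
        print(inspect_private_key(constructed_sample(kt, c)))
```

If has_passphrase is true, the Encryption Password field must carry the passphrase; if accepted is false, the key is not one of the two types the prerequisites list.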
Edit a shared key
Use the edit dialog to update the key's name, replace the private key, change the encryption password, or manage host account associations.
Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance resides.
In the bastion host list, find the Bastionhost instance you want to manage and click Manage.
In the left-side navigation pane, choose Assets > Shared Key.
On the Shared Key page, find the shared key you want to update and click Edit in the Actions column.
In the dialog box, switch between the following tabs to make changes:
Basic Information tab: Update the key's Name, Private Key, or Encryption Password, then click Update. The Last Modified At column on the Shared Key page reflects the update time.
Host Account tab: Manage which host accounts are linked to this key:
Associate a host account: Click Associate Host Account, select the accounts in the dialog box, click Associate in the lower-left corner or the Actions column, and then click OK.
Disassociate a host account: Click Disassociate in the Actions column of the host account you want to remove.