Add Bastion User

Before a user can access private network resources, an admin must configure the bastion to allow that user. Before getting started, the admin needs:

  • SSH Key with access to the Bastion
  • Bastion IP address (Visit the Bastion Overview page and look for "Public URLs")

Follow these steps to enable user access:

Allow IP Address

Visit the Bastion in Nullstone and go to the Configuration tab. Add the user's IP address to the list of IP addresses and apply changes. Have the user visit https://www.whatismyip.com/ to view their public IP address.

WARNING

The Bastion configuration uses a CIDR which requires a network mask at the end of the IP address. To specify a single IPv4 address as a CIDR, add a /32 suffix (e.g. 1.2.3.4/32). To specify a single IPv6 address as a CIDR, add a /128 suffix (e.g. 2601:00cb:4280:18a5:f1ed:129b:b2f9:53d2/128).

Generate SSH Key

If the user doesn't have an SSH Key, they will need to generate one. GitHub has a great guide for generating a new SSH Key here.

Remember the filenames of the SSH Key you generated. If you followed the GitHub guide, you should have generated two files:

  • Private Key: ~/.ssh/id_ed25519
  • Public Key: ~/.ssh/id_ed25519.pub

Allow SSH Key

In the previous guide, we launched the Bastion with ssh_public_key. This is the public key associated with the administrator; the administrator uses the matching key to connect to the Bastion and configure the user's SSH Key.

To enable user access, we need to add the user's SSH public key to a set of authorized keys on the Bastion. As the administrator, connect to the Bastion and add the user's public key.

shell
ssh ubuntu@<bastion-ip>
# Quoted 'EOF' delimiter: the pasted key is appended literally, with no shell expansion
cat <<'EOF' >> ~/.ssh/authorized_keys
<paste user's ssh key (filename ends with .pub)>
EOF

TIP

The Bastion IP address can be found in the Nullstone UI on the Bastion's "Overview" page listed as "Public URLs".

That's it! You can now exit the SSH session.
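
The append step above, as an added shell example that is not part of the Nullstone documentation: it checks that the pasted text is a single public key line before adding it once to authorized_keys. The helper names `add_authorized_key` and `reject` are hypothetical, and the example assumes a `base64` command that accepts `-d`.

```shell
# Added example. add_authorized_key is a hypothetical helper, not a Nullstone tool.
# Usage: add_authorized_key "$(cat user_key.pub)" [authorized_keys path]
reject() { echo "rejected: $1" >&2; exit 1; }

add_authorized_key() (   # subshell body: exit and variables stay local
  key_line=$1
  auth_file=${2:-$HOME/.ssh/authorized_keys}
  nl='
'
  # One key per call: a multi-line paste would add several entries at once.
  case $key_line in *"$nl"*) reject "more than one line" ;; esac

  # Split into "type blob [comment]" without glob expansion.
  set -f
  set -- $key_line
  key_type=${1:-} key_blob=${2:-}

  # Allowlist of public key types. This also rejects private key files
  # ("-----BEGIN ...") and entries that start with authorized_keys options.
  case $key_type in
    ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) reject "unexpected key type" ;;
  esac
  case $key_blob in
    ''|*[!A-Za-z0-9+/=]*) reject "blob is not base64" ;;
  esac

  # The decoded blob starts with a 4-byte length, then the key type again.
  embedded=$(printf '%s' "$key_blob" | base64 -d 2>/dev/null |
    tail -c +5 | head -c "${#key_type}")
  [ "$embedded" = "$key_type" ] || reject "blob does not match key type"

  umask 077
  mkdir -p "$(dirname "$auth_file")"
  touch "$auth_file"
  # Match on type + blob so a different comment is not treated as a new key.
  if grep -qF -- "$key_type $key_blob" "$auth_file"; then
    exit 0
  fi
  # Keep the previous entry intact if the file lacks a trailing newline.
  [ -z "$(tail -c 1 "$auth_file")" ] || echo >> "$auth_file"
  # printf writes the line literally; nothing in it is expanded by the shell.
  printf '%s\n' "$key_line" >> "$auth_file"
  chmod 600 "$auth_file"
)
```

Running `ssh-keygen -l -f` on the user's .pub file and comparing the fingerprint with the user over a separate channel confirms the key belongs to them.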

Test User Access

Using the SSH key generated in Step 2, the user can attempt to access the Bastion now. The -i flag refers to the filename of the generated private key.

shell
ssh -i ~/.ssh/id_ed25519 ubuntu@<bastion-ip>