Configure a Bastion
What is a Bastion?
A bastion is a server configured for access to specific infrastructure on a given network. It is provisioned with a public IP address and can be accessed via SSH. It provides a highly secure method of access and is used by only a select set of users. Users who are granted access can then access other infrastructure on the same network.
Creation
To create a bastion, click to add a new application to your stack. From the new app screen, select Manual Configuration. Select Server as the app type and Bastion as the module.
Configuration
The bastion module provided by Nullstone uses IP address whitelisting as well as SSH key authentication to keep access secure. From the Configuration tab, click to edit the configuration.
Provide a list of IPv4 or IPv6 addresses that should be allowed to access the bastion. You can provide a single address or a comma-separated list of addresses.
Also, provide an SSH public key to authenticate the first user of the bastion.
TIP
Once the bastion has been configured and launched, additional SSH public keys can be granted access by logging into the bastion and adding them to the ~/.ssh/authorized_keys file.
Once the bastion has been configured, launch it in your first environment. Repeat the configuration and launch step for each environment. The list of IP addresses and users can be different for each environment.
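A pre-flight check for the comma-separated address list described above, as an added example (not Nullstone's code). It assumes the field takes only bare IPv4 or IPv6 addresses, as this page describes, so CIDR ranges are reported as problems; the function name `check_allowlist` and the sample addresses are constructed for illustration.

```python
import ipaddress


def check_allowlist(raw):
    """Parse a comma-separated allow list.

    Returns (accepted, problems): accepted is a list of normalized address
    strings, problems is a list of (entry, reason) tuples to review.
    """
    accepted, problems, seen = [], [], set()
    for entry in (part.strip() for part in raw.split(",")):
        if not entry:
            problems.append((entry, "empty entry (stray comma)"))
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            # Hostnames, typos and CIDR ranges all end up here (assumption:
            # the field accepts bare addresses only, per the page).
            problems.append((entry, "not a single IPv4 or IPv6 address"))
            continue
        if addr in seen:
            # Comparing parsed addresses also catches the same IPv6 address
            # written in expanded and compressed form.
            problems.append((entry, "duplicate of an earlier entry"))
            continue
        seen.add(addr)
        if not addr.is_global:
            # Private, loopback, link-local or unspecified: a client reaching
            # the bastion's public IP shows up with its public address.
            problems.append((entry, "not publicly routable"))
            continue
        accepted.append(str(addr))
    return accepted, problems


if __name__ == "__main__":
    # Constructed sample input; the public addresses are stand-ins for an
    # office or VPN egress address.
    sample = ("8.8.8.8, 192.168.1.10,2001:4860:4860::8888, "
              "2001:4860:4860:0:0:0:0:8888, 10.0.0.0/8, ,8.8.8.8")
    ok, bad = check_allowlist(sample)
    print("paste into the bastion configuration:", ", ".join(ok))
    for entry, reason in bad:
        print(f"review {entry!r}: {reason}")
```

Run it separately for each environment's list, since the page allows the addresses to differ per environment.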
Usage
Once launched, the public IP address will be available on the bastion's overview page. Use an SSH command to log in to the bastion or establish an SSH tunnel in order to forward ports to your local machine.
By default, the bastion will not have access to any other infrastructure on the network. To grant access, add a capability to the bastion for each set of infrastructure you want to access.
For example, if you want to access a Postgres database, add a Postgres Access capability to the bastion.