Configure a Bastion

What is a Bastion?

A bastion is a server configured for access to specific infrastructure on a given network. It is provisioned with a public IP address and can be accessed via SSH. It provides a highly secure method of access and is used by only a select set of users. Users who are granted access can then access other infrastructure on the same network.

Creation

To create a bastion, click to add a new application to your stack. From the new app screen, select Manual Configuration. Select Server as the app type and Bastion as the module.

Configuration

The bastion module provided by Nullstone uses IP address whitelisting as well as SSH key authentication to keep access secure. From the Configuration tab, click to edit the configuration.

Provide a list of IPv4 or IPv6 addresses that should be allowed to access the bastion. You can provide a single address or a comma-separated list of addresses.

Also, provide an SSH public key to authenticate the first user of the bastion.

TIP

Once the bastion has been configured and launched, additional SSH public keys can be granted access by logging into the bastion and adding them to the ~/.ssh/authorized_keys file.
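
One way to carry out the step in the tip above without damaging the existing file, shown as an added example rather than Nullstone's own tooling: the function name `add_authorized_key` and its arguments are hypothetical. It appends a single validated public key, skips keys that are already present, and keeps the file permissions that sshd expects.

```shell
#!/bin/sh
# Added example (not Nullstone tooling): append one SSH public key to an
# authorized_keys file on the bastion. Function name and arguments are hypothetical.
add_authorized_key() {
    pubkey_file=$1
    auth_file=${2:-"$HOME/.ssh/authorized_keys"}

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A private key must never be pasted onto a shared host.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file holds a private key" >&2
        return 2
    fi

    # Accept exactly one line of the form "<type> <base64-blob> [comment]".
    # Every SSH key blob begins with a 4-byte length, so its base64 starts "AAAA".
    # Lines carrying authorized_keys options are rejected here for manual review.
    key_line=$(tr -d '\r' < "$pubkey_file" | grep .) || key_line=
    pattern='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) AAAA[A-Za-z0-9+/]+={0,2}( .*)?$'
    if [ "$(printf '%s\n' "$key_line" | grep -c .)" -ne 1 ] ||
       ! printf '%s\n' "$key_line" | grep -Eq "$pattern"; then
        echo "refusing: expected a single OpenSSH public key line" >&2
        return 3
    fi

    # Identify the key by type and blob so a changed comment is not a new key.
    key_id=$(printf '%s\n' "$key_line" | awk '{print $1 " " $2}')

    # With StrictModes (the sshd default), sshd rejects an authorized_keys file
    # or ~/.ssh directory that other users can write to.
    ssh_dir=$(dirname "$auth_file")
    [ -d "$ssh_dir" ] || mkdir -m 700 -p "$ssh_dir" || return 4
    touch "$auth_file" && chmod 600 "$auth_file" || return 4

    if grep -qF -- "$key_id" "$auth_file"; then
        echo "key already present, nothing to do"
        return 0
    fi

    # Append (never overwrite); start a new line if the file lacks a final newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
    echo "added: $key_id"
}
```

Run it on the bastion as the login user, for example `add_authorized_key alice.pub`, after copying the new user's `.pub` file over.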

Once the bastion has been configured, launch it in your first environment. Repeat the configuration and launch step for each environment. The list of IP addresses and users can be different for each environment.

Usage

Once launched, the public IP address will be available on the bastion's overview page. Use an SSH command to log in to the bastion or establish an SSH tunnel in order to forward ports to your local machine.

By default, the bastion will not have access to any other infrastructure on the network. To grant access, add a capability to the bastion for each set of infrastructure you want to access.

For example, if you want to access a Postgres database, add a Postgres Access capability to the bastion.