- Enterprise Cloud Security and Governance
- Zeal Vora
- 196字
- 2025-04-04 17:38:54
Practical implementation of bastion hosts
Let's see how we implement it with the Terminal. We have three servers for a demo purpose:
- Workstation: This is my laptop, which holds the private key
- Bastion server: mydreams will be our bastion server
- Remote server: mylife will be our remote server
Prerequisite: It is assumed that the public key of the user is added to the authorized_keys in both bastion as well as the remote server:
- Verify the contents of SSH agent:
This is my workstation (laptop) from which I will log in to bastion with SSH agent forwarding. If we see the current content of ssh-agent, my private key is already associated with the agent:
- Log in to the bastion server:
We now log in to the bastion server. Notice the –A option that stands for agent forwarding:
- Check if the agent has been forwarded:
If we run the ssh-add –l command on the bastion server, you will notice that the output will be similar to that of your workstation:
- Log in to the remote server:
Now, if we log in to the remote server, you will notice that it will log you in directly:
