This topic describes how to automatically call a local client to perform host O&M by using the single sign-on (SSO) authentication scheme.
Prerequisites
You are granted the permissions on host O&M.
For more information about how to import hosts and grant permissions on the hosts as an administrator, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.
Note: To allow password-free logons from O&M engineers, the administrator must grant the required permissions on the asset to the O&M engineers. For more information, see Authorize users or user groups to manage assets and asset accounts.
To require O&M engineers to enter passwords when they log on to the host, the administrator can select Unauthorized Asset Accounts Are Allowed in the Special Asset Accounts section. In this case, host accounts are not hosted on the bastion host. For more information about how to enable a special asset account, see Configure O&M settings.
A client that supports Bastionhost Assistant is installed on your local system. For more information, see Clients supported by Bastionhost Assistant.
Bastionhost Assistant is installed on the system where the local client resides. For more information, see Download and install Bastionhost Assistant.
Step 1: Configure an O&M device
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Host O&M page, click Device Settings.
In the Device Settings panel, configure the O&M session information, such as the session title and resolution.
Device protocol
Description
RDP
Resolution: the size of the remote desktop window on the client. You can configure the window width and height. Default resolution: 800 × 600.
Connection Mode: If you select Connect to Management Sessions, permission verification for ApsaraDB RDS is skipped on the remote server during Remote Desktop Protocol (RDP)-based O&M.
Local Devices and Resources: the local devices and resources that can be mapped to remote servers during O&M, including printers and clipboards.
Session Title: the session title that is displayed at the top of the remote desktop window. You can configure the asset IP address, asset port, asset name, asset logon name, and protocol. The session title is displayed only when you use Windows to perform O&M.
Note: By default, the session title is not displayed in full-screen mode.
The spaces in the asset name are displayed as underscores (_) in the session title.
Local Drivers: the local drives that are mapped to the remote server during O&M. The drives are displayed only when you use Windows to perform O&M.
Client Path: the path of the local client. You must enter the full installation path of the local client. This path is displayed only when you use macOS to perform O&M.
SSH
Local Client: the default local client that is called. Xshell, PuTTY, SecureCRT, and MobaXterm are supported.
Device Type: the collection of features and behaviors that are supported by the device controller. VT100, xterm, and Linux are supported.
Encoding Method: the encoding method supported by the client tool. Default value: UTF-8.
Session Title: the session title that is displayed on the client. You can configure the asset IP address, asset port, asset name, asset logon name, and protocol. The session title is displayed only when you use Windows to perform O&M.
Note: You cannot modify session titles in MobaXterm.
The spaces in the asset name are displayed as underscores (_) in the session title.
Client Path: the path of the local client. You must enter the full installation path of the local client. This path is displayed only when you use macOS to perform O&M.
SFTP
Local Client: the default local client that is called. Xftp, WinSCP, FileZilla, FlashFXP, SecureFX, and MobaXterm are supported.
Session Title: the session title that is displayed on the client. You can configure the asset IP address, asset port, asset name, asset logon name, and protocol. The session title is displayed only when you use Windows to perform O&M.
Client Path: the path of the local client. You must enter the full installation path of the local client. This path is displayed only when you use macOS to perform O&M.
Step 2: Perform host O&M
Bastionhost console
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Host O&M page, find the host that you want to manage.
In the Remote Connection column, click the drop-down arrow. In the dialog box that appears, select a host account, set the Logon Method parameter to Local Client Logon, and then click Log On.
O&M portal
Log on to the O&M portal. For more information, see Log on to the O&M portal.
In the left-side navigation pane, click Hosts.
In the Remote Connection column, click the drop-down arrow. In the dialog box that appears, select a host account, set the Logon Method parameter to Local Client Logon, and then click Log On.