To perform O&M operations on a host from a client, use a command-line tool or database O&M tool to log on to a bastion host. Then, you can use the bastion host to select the host assets for O&M. This topic describes how to perform O&M operations on assets by connecting to a bastion host from an SSH client on a Windows server.
Prerequisites
The assets that you want to manage and a user are imported to the bastion host. The user is authorized to manage the assets. For more information, see Add hosts, Manage users, and Host authorization.
Note: To enable the bastion host to access the hosts in password-free mode, authorize the user to use the accounts of the hosts. For more information, see Authorize a user to manage hosts.
If you do not manage specific accounts in the bastion host, you can select Unauthorized Asset Accounts Are Allowed in the Special Asset Accounts section. This way, the user can manually enter the username and password of the host to access and perform O&M operations on the host. For more information about how to enable a special asset account, see Configure O&M settings.
The O&M addresses of the bastion host are obtained. You can obtain the O&M addresses in the Bastion Host Information section on the Overview page of the console of the bastion host. For more information, see Log on to the console of a bastion host.
Note: Bastionhost provides fixed O&M addresses and supports dynamic O&M IP addresses to ensure security. The IP address to which the private O&M address of a bastion host is resolved may change. We recommend that you perform O&M operations by using an O&M address. This prevents O&M from becoming unavailable when the IP address changes.
The public key of a user is hosted on the bastion host if you want to log on to the bastion host by using the public key of the user. For more information, see Host the public key of a user.
An O&M tool that supports SSH, such as Xshell, SecureCRT, and PuTTY, is installed if you want to use a client tool for asset O&M.
For more information about the database O&M tools and versions that are compatible with Bastionhost, see Database O&M tools and versions.
Log on to a bastion host by using a command-line tool
Password authentication
Start the command-line tool and enter the following command:
ssh <Username of the bastion host>@<O&M address of the bastion host> -p 60022
By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure a port number.
Enter the password of the bastion host user.
If two-factor authentication is enabled for bastion host users, enter the verification code.
For more information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.
On the asset management page that appears, select the host for which you want to perform O&M operations by pressing the upward or downward arrow key, and press Enter to access the host for O&M.
Token authentication
Start the command-line tool and enter the following command:
ssh <Username of the bastion host>@<O&M address of the bastion host> -p 60022
By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure a port number.
In the Password section, enter the O&M token of the bastion host. For more information about how to obtain an O&M token, see Manage an O&M token.
Perform O&M operations on the host.
Public key authentication
Start the command-line tool and enter the following command:
ssh -i <Path to the private key file> <Username of the bastion host>@<O&M address of the bastion host> -p 60022
By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure a port number.
If two-factor authentication is enabled for bastion host users, enter the verification code. For more information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.
On the asset management page that appears, select the host for which you want to perform O&M operations by pressing the upward or downward arrow key, and press Enter to access the host for O&M.
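The public key logon above, written for Windows PowerShell with the built-in OpenSSH client. This is an added example, not part of the Bastionhost documentation. It restricts access to the private key file, pins the SSH host key of the bastion host to the O&M address before the first logon, and turns off CheckHostIP because the IP address behind the O&M address may change. The key file name and the availability of a fingerprint from your administrator are assumptions.

```powershell
# Added example. Replace the placeholders with your own values before running.
$OmAddress   = '<O&M address of the bastion host>'
$BastionUser = '<Username of the bastion host>'
$Port        = 60022                                      # default O&M SSH port in this topic
$KeyPath     = "$env:USERPROFILE\.ssh\bastion_ed25519"   # hypothetical private key file name
$KnownHosts  = "$env:USERPROFILE\.ssh\known_hosts"       # default OpenSSH known_hosts file

if (-not (Test-Path $KeyPath)) { throw "Private key not found: $KeyPath" }

# 1. Remove inherited ACLs and grant read access to the current user only.
#    OpenSSH for Windows refuses private keys that other accounts can read.
icacls $KeyPath /inheritance:r /grant:r "$($env:USERNAME):(R)" | Out-Null

# 2. First logon only: fetch the host key, show its fingerprint, and store it
#    after the operator has compared it with a value obtained out of band.
#    Entries for a non-default port are stored as [host]:port.
$known = ssh-keygen -F "[${OmAddress}]:$Port" 2>$null
if (-not $known) {
    $scan = ssh-keyscan -p $Port $OmAddress 2>$null
    if (-not $scan) { throw "No host key returned by ${OmAddress}:$Port" }
    $scan | ssh-keygen -lf -                              # print fingerprints of the scanned keys
    $answer = Read-Host 'Do the fingerprints match the values from your administrator? (yes/no)'
    if ($answer -ne 'yes') { throw 'Host key not confirmed. Nothing was saved.' }
    $scan | Add-Content -Path $KnownHosts -Encoding ascii
}

# 3. Log on with the key only. StrictHostKeyChecking=yes makes ssh fail
#    instead of prompting if the host key ever differs from the pinned one.
#    CheckHostIP=no keys the check to the O&M address, not the resolved IP.
ssh -i $KeyPath -p $Port `
    -o IdentitiesOnly=yes `
    -o StrictHostKeyChecking=yes `
    -o CheckHostIP=no `
    "$BastionUser@$OmAddress"
```

If two-factor authentication is enabled, the verification code prompt appears after the key is accepted, as described in the steps above.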
Log on to a bastion host by using a client tool
Password authentication
Start Xshell. Click the New icon on the File menu. In the Properties of New Session dialog box that appears, click Connection in the left-side navigation pane and enter an O&M address and an SSH port number in the General section.
By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure a port number.
In the left-side navigation pane, choose Connection > Authentication, enter the username and password that are used to access the bastion host, and then click OK.
If two-factor authentication is enabled for bastion host users, enter the verification code and click OK.
For more information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.
On the asset management page that appears, select the host for which you want to perform O&M operations by pressing the upward or downward arrow key, and press Enter to access the host for O&M.
Token authentication
Start Xshell. Click the New icon on the File menu. In the Properties of New Session dialog box that appears, click Connection in the left-side navigation pane and enter an O&M address and an SSH port number in the General section.
By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure a port number.
In the left-side navigation pane, choose Connection > Authentication, enter the username and O&M token that are used to access the bastion host, and click OK. For more information about how to obtain an O&M token, see Manage an O&M token.
Perform O&M operations on the host.
Public key authentication
Start Xshell. Click the New icon on the File menu. In the Properties of New Session dialog box that appears, click Connection in the left-side navigation pane and enter an O&M address and an SSH port number in the General section.
By default, the SSH port number is 60022. For more information about how to change the O&M port of the bastion host, see Configure a port number.
In the left-side navigation pane, choose Connection > Authentication, and set Method to Public Key.
Click Setup. In the Setup Public Key dialog box, upload the private key file that matches the public key hosted on the bastion host and click OK.
Optional: If two-factor authentication is enabled for bastion host users, enter the verification code and click OK.
For more information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.
On the asset management page that appears, select the host for which you want to perform O&M operations by pressing the upward or downward arrow key, and press Enter to access the host for O&M.
Asset search guide
You can use one of the following methods to search for specific assets:
Enter /Keyword. The search results are highlighted, as shown in the following figure.
Use the search feature provided by Bastionhost to filter specific assets by keyword.
For example, if you want to filter assets by keyword key, you can click [Search] to go to the [Search] page. Then, enter ls Key and press the Enter key. The assets that contain the filter condition key are automatically displayed, as shown in the following figure.
Note: For more information about the [Search] command, enter help or help ls.