All Products
Search

This Product

    Bastionhost:Perform SSH-based O&M

    Document Center

    Bastionhost:Perform SSH-based O&M

    Last Updated:Jul 08, 2024

    To perform O&M operations on host assets from a client, you can use a command-line tool or database O&M tool to log on to a bastion host. Then, you can use the bastion host to select the host assets for O&M. This topic describes how to use an SSH client in a macOS operating system to log on to a bastion host and perform O&M operations on assets.

    Prerequisites

    • The assets that you want to manage and a user are imported to the bastion host. The user is authorized to manage the assets. For more information, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.

      Note

      • To enable the bastion host to access a host in password-free mode, authorize the user to use the accounts of the host. For more information, see Authorize a user to manage the accounts of one or more assets.

      • If you do not manage specific accounts in the bastion host, you can select Unauthorized Asset Accounts Are Allowed in the Special Asset Accounts section. This way, the user can manually enter the username and password of the host to access and perform O&M operations on the host. For more information about how to configure the Special Asset Accounts section, see Configure O&M settings.

    • The O&M addresses of the bastion host are obtained. You can obtain the O&M addresses in the Bastion Host Information section on the Overview page in the console of the bastion host. For more information, see Log on to the console of a bastion host. 概览

      Note

      Bastionhost provides fixed O&M addresses and supports dynamic O&M IP addresses to ensure security. If you use IP addresses to connect to bastion hosts, the connection can fail due to IP address changes. To avoid this issue, we recommend that you use the O&M addresses of bastion hosts to perform O&M operations.

    • The public key of a user is hosted on the bastion host if you want to log on to the bastion host by using public key authentication. For more information, see Host the public key of a user.

    • An O&M tool that supports SSH, such as ZOC 8, is installed if you want to use a client tool for asset O&M.

      For more information about the database O&M tools and versions that are compatible with Bastionhost, see Database O&M tools and versions.

    Log on to a bastion host by using a command-line tool

    Password authentication

    1. Start the command-line tool.

    2. Enter ssh <Username of the bastion host>@<O&M address of the bastion host> -p 60022 and press Enter.

      The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure a port number.

    3. Enter the password of the bastion host user.

      mac登录ssh

    4. If two-factor authentication is enabled for bastion host users, enter the verification code.

      For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.

      mfa验证

    5. On the asset management page that appears, select the host on which you want to perform O&M operations by pressing the upward or downward arrow key, and then press Enter to access the host for O&M.

      For more information, see the Asset search guide section of this topic.

    Token authentication

    1. Start the command-line tool.

    2. Enter ssh <Username of the bastion host>@<O&M address of the bastion host> -p 60022 and press Enter.

      The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure a port number.

    3. Enter the O&M token of the bastion host. For more information about how to obtain an O&M token, see Manage an O&M token.

      mac登录ssh

    4. Perform O&M operations on the host.

    Public key authentication

    1. Start the command-line tool. Enter ssh -i <Path to the private key file> <Username of the bastion host>@<O&M address of the bastion host> -p 60022.

      The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure a port number.

    2. If two-factor authentication is enabled for the bastion host user, enter the verification code. For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.

    3. On the asset management page that appears, select the host on which you want to perform O&M operations by pressing the upward or downward arrow key, and then press Enter to access the host for O&M.

      For more information, see the Asset search guide section of this topic.

    Log on to a bastion host by using a client tool

    ZOC 8 is used as an example to describe the O&M process.

    Password authentication

    1. Launch the ZOC 8 client and click Host Directory.

    2. On the Host tab, enter the O&M address of the bastion host, specify 60022 as the port number, and then click OK.

      The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure a port number.

      image

    3. On the Login tab, enter the username and password that are used to access the bastion host, and click OK.

      image

    4. If two-factor authentication is enabled for bastion host users, enter the verification code and click OK.

      For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.

      image

    5. On the asset management page that appears, select the host on which you want to perform O&M operations by pressing the upward or downward arrow key, and then press Enter to access the host for O&M.

    Token authentication

    1. Launch the ZOC 8 client and click Host Directory.

    2. On the Host tab, enter the O&M address of the bastion host and specify 60022 as the port number, and then click OK.

      The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure a port number.

      image

    3. On the Login tab, enter the username and password that are used to access the bastion host, and then click OK.

      For more information about how to obtain an O&M token, see Manage an O&M token.

      image

    4. Perform O&M operations on the host.

    Asset search guide

    You can use one of the following methods to search for specific assets:

    • Enter /Keyword. The search results are highlighted, as shown in the following figure.

      image.png

    • Use the search feature provided by Bastionhost to filter specific assets by keyword.

      For example, if you want to filter assets by keyword key, you can click [Search] to go to the [Search] page. Then, enter ls Key and press Enter. The assets that contain the filter condition key are automatically displayed, as shown in the following figure.

      image.png

      Note

      For more information about the [Search] command, enter help or help ls.