All Products
Search

This Product

    Bastionhost:Perform SSH-based O&M

    Document Center

    Bastionhost:Perform SSH-based O&M

    Last Updated:Oct 22, 2025

    To perform O&M operations on host assets from a client, you can use a command-line tool or database O&M tool to log on to a bastion host. Then, you can use the bastion host to select the host assets for O&M. This topic describes how to use an SSH client in a macOS operating system to log on to a bastion host and perform O&M operations on assets.

    Prerequisites

    • The assets that you want to manage and a user are imported to the bastion host. The user is authorized to manage the assets. For more information, see Add hosts, Manage users, and Authorize users or user groups to manage assets and asset accounts.

      Note

      • To enable the bastion host to access a host in password-free mode, authorize the user to use the accounts of the host. For more information, see Authorize a user to manage the accounts of one or more assets.

      • If you do not manage specific accounts in the bastion host, you can select Unauthorized Asset Accounts Are Allowed in the Special Asset Accounts section. This way, the user can manually enter the username and password of the host to access and perform O&M operations on the host. For more information about how to configure the Special Asset Accounts section, see Configure O&M settings.

    • The O&M address of the Bastionhost instance is obtained. You can find the O&M address in the Bastion Host Information section on the Overview page. For more information, see Overview of the Bastionhost console.概览

      Note

      Bastionhost provides a fixed O&M address in a domain name format and uses dynamic IP addresses to prevent attacks. The IP address that is resolved from the O&M address may change. To prevent O&M failures that are caused by IP address changes, use the domain name that is provided by Bastionhost for O&M.

    • The public key of a user is hosted on the bastion host if you want to log on to the bastion host using public key authentication. For more information, see Host the public key of a user.

    • An O&M tool that supports SSH, such as ZOC 8, is installed if you want to use a client tool for asset O&M.

      For more information about the database O&M tools and versions that are compatible with Bastionhost, see Database O&M tools and versions.

    Log on to a bastion host using a command-line tool

    Password authentication

    1. Start the command-line tool.

    2. Enter ssh <Username of the bastion host>@<O&M address of the bastion host> -p 60022 and press Enter.

      The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure the bastion host port number.

    3. Enter the password of the bastion host user.

      mac登录ssh

    4. If two-factor authentication is enabled for bastion host users, enter the verification code.

      For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.

      mfa验证

    5. On the asset management page that appears, select the host on which you want to perform O&M operations by pressing the upward or downward arrow key, and then press Enter to access the host for O&M.

      For more information, see the Asset search guide section of this topic.

    Token authentication

    1. Start the command-line tool.

    2. Enter ssh <Username of the bastion host>@<O&M address of the bastion host> -p 60022 and press Enter.

      The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure the bastion host port number.

    3. Enter the O&M token of the bastion host. For more information about how to obtain an O&M token, see Manage an O&M token.

      mac登录ssh

    4. Perform O&M operations on the host.

    Public key authentication

    1. Start the command-line tool. Enter ssh -i <Path to the private key file> <Username of the bastion host>@<O&M address of the bastion host> -p 60022.

      The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure the bastion host port number.

    2. If two-factor authentication is enabled for the bastion host user, enter the verification code. For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.

    3. On the asset management page that appears, select the host on which you want to perform O&M operations by pressing the upward or downward arrow key, and then press Enter to access the host for O&M.

      For more information, see the Asset search guide section of this topic.

    Log on to a bastion host using a client tool

    ZOC 8 is used as an example to describe the O&M process.

    Password authentication

    1. Launch the ZOC 8 client and click Host Directory.

    2. On the Host tab, enter the O&M address of the bastion host, specify 60022 as the port number, and then click OK.

      The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure the bastion host port number.

      image

    3. On the Login tab, enter the username and password that are used to access the bastion host, and click OK.

      image

    4. If two-factor authentication is enabled for bastion host users, enter the verification code and click OK.

      For information about how to configure two-factor authentication for bastion host users, see Enable two-factor authentication.

      image

    5. On the asset management page that appears, select the host on which you want to perform O&M operations by pressing the upward or downward arrow key, and then press Enter to access the host for O&M.

    Token authentication

    1. Launch the ZOC 8 client and click Host Directory.

    2. On the Host tab, enter the O&M address of the bastion host and specify 60022 as the port number, and then click OK.

      The default SSH port is 60022. For information about how to change the O&M port of the bastion host, see Configure the bastion host port number.

      image

    3. On the Login tab, enter the username and password that are used to access the bastion host, and then click OK.

      For more information about how to obtain an O&M token, see Manage an O&M token.

      image

    4. Perform O&M operations on the host.

    Asset search guide

    You can search for a target asset in one of the following ways:

    • Use /+search content. The search results are highlighted.

    • Use the Search feature that is provided by Bastionhost to filter assets by keyword.

      For example, to filter assets by the keyword "key", click [Search]. On the [Search] page, enter "ls key" and press Enter. The assets that meet the filter condition are displayed in the asset list.

      Note

      For more information about the [Search] command, enter help or help ls.