Bastionhost provides the shared key feature. This feature allows you to manage the private key that is used to log on to a host in a bastion host. This way, you can associate the private key with multiple accounts of the host to make host account management more efficient. This topic describes how to create and manage a shared key in a bastion host.
Create a private key and associate it with host accounts
You can create a private key in your bastion host and associate the private key with the accounts of a host. After you associate a private key with the accounts of a host, the private key becomes the shared key of the host. The shared key is preferentially used to log on to the host for O&M.
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Shared Key page, click Create Private Key.
In the Create Private Key panel, specify Name, Private Key, and Encryption Password.
Note: In the Private Key section, enter a Rivest-Shamir-Adleman (RSA) key that is generated by using the ssh-keygen command or a key that is generated by using the Ed25519 algorithm.
Click Create. Below the Finish message, click Associate Host Account.
On the Associate Host Account page, select the host accounts with which you want to associate the private key, click Associate in the lower-left corner, and then click OK. To associate the private key with a single host account, click Associate in the Actions column of the host account and click OK.
If you forget to associate the private key with host accounts when you create the private key, you can click Associate Host Account in the Actions column of the private key on the Shared Key page to associate the private key with host accounts.
Note: You can associate a shared key only with host accounts whose Protocol is set to SSH.
A shared key can be associated with multiple host accounts, but a host account can be associated with only one shared key.
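A local pre-check for the Private Key and Encryption Password fields in the creation steps above, as an added example that is not Alibaba Cloud code: it reads only the key file's container header and reports whether the key is RSA or Ed25519 and whether it is passphrase-protected. It assumes the key is in the openssh-key-v1 format that current ssh-keygen writes or in legacy RSA PEM, and that Encryption Password corresponds to the key's passphrase; `inspect_private_key` and `constructed_sample` are hypothetical names, and the sample is constructed and holds no real key material.

```python
import base64

MAGIC = b"openssh-key-v1\x00"
ACCEPTED = {"ssh-rsa", "ssh-ed25519"}  # the two key types the note names

def _s(b):
    """Encode bytes as an SSH 'string': uint32 big-endian length + data."""
    return len(b).to_bytes(4, "big") + b

def _read_string(buf, off):
    """Decode one SSH 'string' at off; return (data, next offset)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def inspect_private_key(pem_text):
    """Return (key_type, needs_password) without decrypting anything."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()] or [""]
    head = lines[0]
    if not (head.startswith("-----BEGIN ") and head.endswith("-----")):
        raise ValueError("not a PEM-armoured private key")
    label = head[len("-----BEGIN "):-len("-----")]
    if label == "RSA PRIVATE KEY":
        # Legacy PEM (ssh-keygen -m PEM): encryption is flagged in a header.
        enc = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        return "ssh-rsa", enc
    if label != "OPENSSH PRIVATE KEY":
        raise ValueError("unsupported container: " + label)
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = _read_string(blob, len(MAGIC))  # b"none" means unencrypted
    _kdfname, off = _read_string(blob, off)
    _kdfopts, off = _read_string(blob, off)
    pub, _ = _read_string(blob, off + 4)          # skip the uint32 key count
    key_type = _read_string(pub, 0)[0].decode("ascii")
    if key_type not in ACCEPTED:
        raise ValueError("key type is not RSA or Ed25519: " + key_type)
    return key_type, cipher != b"none"

def constructed_sample(key_type, cipher):
    """Constructed header-only container for the demo; holds no key material."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = (MAGIC + _s(cipher) + _s(kdf) + _s(b"") + (1).to_bytes(4, "big")
            + _s(_s(key_type) + _s(b"\x00" * 32)) + _s(b""))
    body = base64.b64encode(blob).decode("ascii")
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % body
```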
Edit the information about a private key
You can modify the basic information about a shared key, associate the shared key with host accounts, or disassociate the shared key from host accounts.
Log on to the Bastionhost console. In the top navigation bar, select the region in which your bastion host resides.
In the bastion host list, find the bastion host that you want to manage and click Manage.
In the left-side navigation pane, choose .
On the Shared Key page, find the shared key that you want to manage and click Edit in the Actions column.
In the dialog box that appears, edit the information about the private key.
On the Basic Information tab, modify the Name, Private Key, and Encryption Password parameters. After you modify the parameters, click Update.
Note: After the basic information about the shared key is updated, the time when the information was last modified is displayed in the Last Modified At column of the shared key on the Shared Key page.
On the Host Account tab, associate the shared key with a host account or disassociate the shared key from a host account.
Associate the shared key with a host account: Click Associate Host Account. In the Associate Host Account dialog box, select the host account with which you want to associate the shared key, click Associate in the lower-left corner or the Actions column, and then click OK.
Disassociate the shared key from a host account: In the Actions column of the host account from which you want to disassociate the shared key, click Disassociate.