Definition – What does Bastion Host mean?
A bastion host is a specialized computer that is deliberately exposed on a public network. From a secured network perspective, it is the only node exposed to the outside world and is therefore very prone to attack. It is placed outside the firewall in single firewall systems or, if a system has two firewalls, it is often placed between the two firewalls or on the public side of a demilitarized zone (DMZ).
The bastion host processes and filters all incoming traffic and prevents malicious traffic from entering the network, acting much like a gateway. The most common examples of bastion hosts are mail, domain name system, Web and File Transfer Protocol (FTP) servers. Firewalls and routers can also become bastion hosts.
The steps are as follows:
- SSH into the bastion host:
– I used PuTTY to connect to my Bastion instance.
- Create a file named after the keypair, ending in .pem.
- Under /home/ubuntu, run the following command to create the file:
- Copy the contents of the .pem file into the file you created (using the text editor vi).
- This step could be confusing, but here's what you will need to do:
Let's first get to what a keypair is, for those who don't know, and there's quite a few out there. When you created your instance, you were given the option to create a keypair and then download the keypair for the instance. Think of it as an actual key for your house, where the instance represents your house. Without a key, you can't gain access to your house, and the same applies to your instance. Without the keypair, you can't gain access to your instance.
Okay, back to the bastion: what you will need to do is copy the actual contents of the .pem file, which should look like the following:
I've blacked out most of the contents of my .pem file because, as you know, this information is quite sensitive.
Now on the terminal, run the following command and hit enter:
What is vi? vi is a Linux text editor that lets you add text to a newly created file, which is what we are doing, or edit text in existing files on your machine. For this exercise, there are five keys on your keyboard that we will be using. They are the following:
- ESC – takes us out of insert mode
- : – used before typing a command
- w – write (writes the changes just made, that is, adding the contents from the .pem)
- q – quit (which takes us out of vi)
Well, it's actually four; I counted enter as one, but nobody cares, right? Okay, let's move on.
So after hitting enter for the command (vi yourkeypair.pem), you will be presented with the following blank screen:
Next, you will press “i” on the keyboard which takes you to insert mode.
Now you will paste the contents from the .pem file. It should look like this:
- Now we will have to confirm the changes and then exit the vi text editor. This will be done using the following keys:
So the sequence you will follow, after pasting the contents from the .pem, is to press:
ESC, then Shift + :, then wq, and hit enter.
I've added an example below of what it should look like:
After hitting enter, you're taken back to the directory you were in:
- So now you have created a .pem file named after your keypair, and added the contents of the .pem file to it using the vi text editor.
- Now we will need to change the permissions on the .pem file we created to 400, which makes it read-only for its owner and inaccessible to everyone else.
- Hit enter and run the command ls -l to confirm that the permissions for the .pem file are read-only.
Now we will need to SSH into our instance through the bastion host we just created, using the following command:
And there you go: you just created a bastion host and managed to SSH into one of your other machines, making access to the machine more secure. Well, not really secure, but I'll leave that for you to do.
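The key-file steps above can be checked before the final ssh, because ssh refuses a private key file that other users can read and a bad paste in vi can drop the PEM header. The script below is an added example, not part of the original post: the function names are hypothetical, `yourkeypair.pem` and `PRIVATE_IP` are placeholders, and the `ubuntu` login on the target instance is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight checks for the key file copied to the bastion.
# Function names are hypothetical; file name and address are placeholders.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the key file owner-only from the start, reading the pasted key
# from stdin (an alternative to pasting in vi and running chmod afterwards).
install_key() {
    ( umask 077 && cat > "$1" ) && chmod 400 "$1"
}

# Return 0 only if the file exists, is owner-only, and looks like a PEM key.
# Return codes: 1 missing, 2 permissions too open, 3 no header, 4 no footer.
check_key() {
    key="$1"
    [ -f "$key" ] || { echo "missing: $key" >&2; return 1; }
    mode=$(key_mode "$key")
    case "$mode" in
        400|600) ;;
        *) echo "mode $mode too open; run: chmod 400 $key" >&2; return 2 ;;
    esac
    # The first line must be the PEM private-key header.
    head -n 1 "$key" | grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' \
        || { echo "no PEM header on line 1 of $key" >&2; return 3; }
    # The footer must be present, otherwise the paste was truncated.
    grep -Eq '^-----END ([A-Z]+ )?PRIVATE KEY-----' "$key" \
        || { echo "no PEM footer in $key" >&2; return 4; }
    return 0
}

# Usage on the bastion (placeholders, login name assumed):
#   install_key yourkeypair.pem        # paste the key, then press Ctrl-D
#   check_key yourkeypair.pem && ssh -i yourkeypair.pem ubuntu@PRIVATE_IP
```
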