DEV Community

Cover image for Bastion Host | Jump Server
Surya Shankar
Surya Shankar

Posted on • Edited on

Bastion Host | Jump Server

What is a Bastion Host ?

  • A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. Because of its exposure to potential attack, a bastion host must minimize the chances of penetration.

Why to use ?

  • If we want to SSH into EC2 instance on the private subnet from our home/office (or using a development machine), currently we can’t. Our instance has no public IP, it is in a Private Subnet (no direct route from the internet). This is where we can use a Bastion Server or Jump server.

The purpose of a bastion host

  • To restrict access to a private network from an external network.

Now lets us deploy a window server [disable public ip]

  • Search for Ec2
  • Launch instance
  • choose T2micro[free tier]

Image description

  • Disable public ip. [as we never provide a public ip to our database]

  • add storage

Image description

  • add tags

Image description

  • Name the instance as Database or anything you want.

  • next configure security group

Image description

  • select all traffic and anywhere [generally this is not a best industry practice , we only allow custom ips]

Image description

  • now download the key pair and launch

Image description

  • decrypt the password

Image description

  • download remote desktop and paste private ip ..

Image description

  • As we see , its not allowing because to ssh into a instance need a public ip.

Image description

Now lets us deploy a window server/Jump server with in same vpc [enable public ip]

  • launch instance

  • select T2micro

  • enable public ip

  • name it as jump server

Image description

  • select all traffic anywhere and launch .

Image description

Image description

  • launch instance
  • view instance
  • Check box it [jump server] and try to connect .

Image description

Image description

Image description

Image description

  • here we successfully connect to our server.

Image description

  • now we can access to our database within this server only,here this server acts as a bastion host.

  • click Window+r

  • type mstsc

Image description

  • put private ip of database server and connect

Image description

here we successfully connected to our database.

Image description

Top comments (1)

Collapse
 
shankarsurya035 profile image
Surya Shankar

alert("sss")