Bastion SSH Host

Configure SSH bastion host

A bastion host allows SSH connections to servers in a VPC or local network without opening the SSH port on the internal servers.

Configure Host Certificates

If host certificates are used, install the SSH host client. Replace the token, hostname and server with the values for your configuration. The commands below apply only to Amazon Linux 1; for other distributions, refer to the Install SSH Host Client documentation.

sudo tee -a /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/amazonlinux/1/
gpgcheck=1
enabled=1
EOF

gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
sudo yum -y install pritunl-ssh-host

sudo pritunl-ssh-host config add-token Hi9LBYn8MxGlP5z7F460svVS4ZSBxTweg7FQK071qX9yIa4t
sudo pritunl-ssh-host config hostname bastion
sudo pritunl-ssh-host config server zero-user.pritunl.com

Configure Bastion Host

The commands below will create a dedicated user for SSH bastion connections. Update the principals and trusted authorities for your configuration. Replace the domain in PermitOpen *.pritunl.com:22 with the authority host domain.

Once done, set the Bastion Host in the Authority settings to the bastion domain with the git username prefixed, such as bastion@bastion.gitlab.pritunl.com
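The following is an added example, not part of the Pritunl documentation: a shell function that audits an sshd_config for the dedicated bastion user, checking that PermitOpen restricts the forwarding target and that trusted authorities and principals files are configured. The user name bastion, the file paths and the example.com domain are assumptions; TrustedUserCAKeys and AuthorizedPrincipalsFile are the standard OpenSSH directives assumed for those two settings.

```shell
# Added example: audit the Match block of a dedicated bastion user.
# Reads an sshd_config on stdin, prints one finding per line,
# and returns non-zero when there is at least one finding.
audit_bastion_match() {
    awk -v user="$1" '
        tolower($1) == "match" {
            # Each Match line closes the previous block; "Match all" is global again
            target = (tolower($2) == "user" && $3 == user)
            other  = (!target && tolower($2) != "all")
            if (target) seen = 1
            next
        }
        NF == 0 || $1 ~ /^#/ || other { next }   # blanks, comments, other blocks
        { key = tolower($1) }                     # sshd keywords are case-insensitive
        key == "trustedusercakeys"        { ca = 1 }
        key == "authorizedprincipalsfile" { princ = 1 }
        target && key == "permitopen" {
            popen = 1
            for (i = 2; i <= NF; i++) {
                n = split($i, hp, ":")
                if ($i == "any" || hp[1] == "*" || hp[n] == "*") {
                    print "PermitOpen " $i " leaves the forwarding target open"
                    bad++
                }
            }
        }
        END {
            if (!seen)       { print "no Match User " user " block"; bad++ }
            else if (!popen) { print "PermitOpen not set for " user; bad++ }
            if (!ca)         { print "TrustedUserCAKeys not set"; bad++ }
            if (!princ)      { print "AuthorizedPrincipalsFile not set"; bad++ }
            exit (bad > 0)
        }
    '
}

# Constructed sample configs (paths and domain are placeholders)
sample_open() {
    printf '%s\n' 'Match User bastion' '    AllowTcpForwarding yes' \
        '    PermitOpen any' 'Match all'
}
sample_restricted() {
    printf '%s\n' 'TrustedUserCAKeys /etc/ssh/trusted' \
        'AuthorizedPrincipalsFile /etc/ssh/principals' \
        'Match User bastion' '    PermitOpen *.example.com:22' 'Match all'
}

# Usage on the constructed open config; on a real host: audit_bastion_match bastion < /etc/ssh/sshd_config
sample_open | audit_bastion_match bastion || true
```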
