I have been asked to do some research by a client into setting up a Bastion host (SSH Gateway). I have found a number of viable options online, all with varying pros/cons. I haven’t yet settled on a solution but am documenting the setup for each (Which is not always 100% clearly documented) in case I wish to return to them at a later day. I will keep this article updated as my research continues..
This package is a very good Terminal based Bastion host, it allows configuration via local files on the gateway with no web UI. Unfortunately without easily being able to customise the user account to use on the destination server this was a no-go for my client but I may look at setting up a Free IPA server for them in the future.
- Very easy setup (Link to be published soon after I have completed the formatting)
- Easy configuration via local files on the server
- Integration with Free-IPA
- Does not allow you to customise the user account used on the target machine (Unfortunately this was a no-go for my client).
This package is a very good Bastion host managed and used entirely over HTTP. Unfortunately my client is largely *nix based so were not overly comfortable using a web-based SSH client (Especially with a large volume of Nano users who would have been unable to use the Ctrl keys to navigate the editor).
- Web-based Administration and Access (Very good for Windows users)
- Very easy to add / remove hosts and manage user access
- Google 2FA Available
- Web-based Access ONLY (not overly suitable for *nix users)
- Documentation for the setup is quite messy (Have written my own guide, link to follow)
This is the premium product when it comes to Bastion hosts, it has a web interface for management and Terminal access.
- Very easy setup (Link to follow)
- Lots of integrations
- Works out to have a significant costing each month if you have a large linux server base.