Create an authorized_keys file containing all public keys that are allowed to connect to this bastion.
Then run the following command to start the bastion:
docker run --name bastion -d --restart=always -v $(pwd)/authorized_keys:/home/dev/.ssh/authorized_keys:ro -p 9022:9022 chentm/bastion
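The mounted authorized_keys file decides who can log in to the bastion, so it is worth auditing before it is mounted. The script below is an added example, not part of the chentm/bastion project: it checks each line's SSH wire format, rejects duplicates and weak keys, and returns SHA256 fingerprints for review. The weak-type list, the RSA minimum and the `make_line` helper are assumptions made for illustration, and lines with option prefixes are not handled.

```python
import base64
import hashlib

WEAK_TYPES = {"ssh-dss"}   # assumption: local policy, not stated on the page
MIN_RSA_BITS = 2048        # assumption: local policy, not stated on the page

def _read_string(blob, off):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def make_line(ktype, fields, comment):
    """Build a constructed (non-functional) key line for demos and tests."""
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in [ktype.encode(), *fields])
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

def audit_authorized_keys(text):
    """Return (accepted, rejected): [(fingerprint, comment)], [(lineno, reason)]."""
    accepted, rejected, seen = [], [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 2)
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or comment
        try:
            if len(parts) < 2:
                raise ValueError("expected '<type> <base64> [comment]'")
            ktype, blob = parts[0], base64.b64decode(parts[1], validate=True)
            inner, off = _read_string(blob, 0)
            if inner != ktype.encode():
                raise ValueError("declared type does not match key blob")
            if ktype in WEAK_TYPES:
                raise ValueError("weak key type")
            if ktype == "ssh-rsa":
                _e, off = _read_string(blob, off)
                n, off = _read_string(blob, off)
                bits = int.from_bytes(n, "big").bit_length()
                if bits < MIN_RSA_BITS:
                    raise ValueError(f"RSA modulus too short ({bits} bits)")
            digest = hashlib.sha256(blob).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            if fp in seen:
                raise ValueError("duplicate key")
            seen.add(fp)
            accepted.append((fp, parts[2] if len(parts) > 2 else ""))
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
    return accepted, rejected
```

Pass the file's contents to `audit_authorized_keys` and mount the file only when the rejected list is empty; the fingerprints use the same SHA256 format that `ssh-keygen -l` prints.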
To connect through the bastion:
ssh -A -t -p 9022 [email protected] ssh -t [email protected]
The bastion itself does not have a firewall to limit source connections. You can use the firewall on the host machine or an AWS security group to limit connections to port 9022.
Users can do pretty much nothing with the bastion. Only ssh/sshd commands are available.
Run the following commands to build the docker image before running docker run:
git clone https://github.com/chentmin/bastion.git
docker build -t chentm/bastion bastion
It only needs to download ~2MB from GitHub, although the download could be slow from China.
This bastion is based on Alpine Version 3.2.
The security hardening script is modified based on this