Bastions
A bastion enables access to a group of monitored servers through the same IP address and port number combination. A single server is identified by its name included in the user login, e.g. ssh john_smith#mail_server@10.0.0.8.
Bastions allow maintaining access through the protocols' default port numbers.
Bastions management page
The bastions management page allows adding new and editing existing bastion definitions.
To open the bastions management page, select > .
![../../_images/bastions.png](../../_images/bastions.png)
Adding a bastion
To add a bastion, proceed as follows.
Warning
Data model objects (users, servers, bastions and connections) are replicated within the cluster, and object instances must not be added on each node. If the replication mechanism fails to copy objects to other nodes, contact the technical support department.
- Select > .
- Click .
- Define bastion parameters.
Parameter | Description |
---|---|
Name | Object name. |
Blocked | Select if defined object should be unavailable after creation. |
Protocol | Servers communication protocol (servers within a given bastion can be accessed over selected communication protocol only). |
Local address | FUDO IP address used by the user to access a server monitored by FUDO. |
Ask for login reason | Prompt the user asking for the purpose of the log in. |
Granted users | Users allowed to manage given object. |
Security (applicable to RDP protocol) | RDP protocol encryption. |
Server public key (applicable to RDP and SSH protocols) | Public key deriving from the uploaded or generated private key. |
TLS certificate (applicable to RDP protocol) | TLS certificate for connections using Enhanced RDP security. |
SSL certificate (applicable to Telnet and Telnet 3270 with TLS option enabled) | SSL certificate used for accessing monitored servers over given bastion. |
TLS private key (applicable to Telnet and Telnet 3270 with TLS option enabled) | TLS private key for connecting over Telnet protocol using TLS. |
Server public SSH key (applicable to SSH protocol) | FUDO public key deriving from uploaded or generated private key. |
Use TLS (applicable to Telnet and Telnet 3270 protocols) | Enables TLS encryption. |
Servers | Servers which can be accessed through given bastion. |
Note
Click the hash function specifier to switch between SHA1 and MD5 fingerprint representation.
![../../_images/servers_fingerprint.png](../../_images/servers_fingerprint.png)
- Click .
Modifying a bastion definition
To modify a bastion definition, proceed as follows.
- Select > .
- Find desired bastion definition.
- Click bastion name to access bastion configuration parameters.
- Modify configuration values as needed.
Note
Unsaved changes are marked with an icon.
![../../_images/unsaved_changes.png](../../_images/unsaved_changes.png)
- Click .
Blocking and unblocking a server
FUDO allows blocking access to a given bastion for all users. To block/unblock access to the selected resource, proceed as follows.
Warning
Blocking a bastion will terminate current connections established through given bastion.
- Select > .
- Find and select desired bastion definition.
- Click to block access to servers through selected bastion or to activate bastion and enable access to the servers.
- Provide descriptive reason for blocking given resource and click .
Deleting a bastion definition
To delete a bastion definition, proceed as follows.
Warning
Deleting a bastion definition will terminate current connections established through given bastion.
- Select > .
- Find and select desired bastion definition.
- Click .
- Confirm resource deletion.