How to Set Up an SSH Bastion Host

Part 1: Creating a Bastion Host

  1. Choose a Cloud Provider: Select your preferred cloud provider. If you don't have one, AWS offers a reliable free tier option to get started.
  2. Launch an Instance:
    • Navigate to your cloud provider's virtual machine creation service (e.g., AWS EC2, GCP GCE).
    • Choose a security-hardened operating system like Ubuntu or Amazon Linux.
  3. Configure Network Security:
    • Create a security group for the bastion host.
    • Allow inbound SSH access (TCP port 22) only from your trusted IP addresses and Locale’s IP address. Restrict all other traffic.
    • Assign the bastion host to the same VPC and subnet as the target database (if they are in the same cloud environment).

Part 2: SSH Connection to Bastion Host

💡 Public-key authentication is the recommended approach for the SSH Connection.

Locale offers two ways of connecting to the bastion host:

  1. Password Authentication:
    • Edit your sshd config file
    • Find the line PasswordAuthentication no and change it to PasswordAuthentication yes.
    • Save the changes and restart the SSH service: sudo systemctl restart sshd
  2. Public Key Authentication:
    • Copy the Locale SSH Key from the data source connection page.
    • Upload Locale’s public key to the bastion host's ~/.ssh/authorized_keys file.
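
One way to carry out the public-key step above on the bastion host, as an added shell example (not Locale's own tooling). The function name install_bastion_key and its arguments are hypothetical; it validates the pasted line, sets the permissions sshd expects, and does not add the same key twice.

```shell
#!/bin/sh
# Added example: idempotently install one public key for the bastion login user.
# Usage: install_bastion_key <public-key-line> <home-dir> [key-options]
#   key-options: optional authorized_keys options,
#                e.g. "no-agent-forwarding,no-X11-forwarding"
install_bastion_key() {
    key=$1
    home=$2
    opts=${3:-}

    # One authorized_keys entry is exactly one non-empty line.
    [ -n "$key" ] || { echo "empty key" >&2; return 2; }
    case $key in
        *'
'*) echo "key must be a single line" >&2; return 2 ;;
    esac

    # Accept only public-key types; this also rejects a pasted private key.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp256\ *|ecdsa-sha2-nistp384\ *|ecdsa-sha2-nistp521\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 2 ;;
    esac

    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    # sshd's StrictModes (on by default) ignores the file when it or its
    # directory is writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare on "type base64" only, so a changed comment adds no duplicate.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    if [ -n "$opts" ]; then
        printf '%s %s\n' "$opts" "$key" >> "$auth"
    else
        printf '%s\n' "$key" >> "$auth"
    fi
}
```

Run it as the login user Locale connects as, passing the key copied from the data source connection page and that user's home directory.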