User:Reception123/bastion

From Miraheze Meta, Miraheze's central coordination wiki

Credit to Universal Omega for originally writing this help page:

Configuring the Bastion proxy

PuTTY

  • Open PuTTY
  • Connection -> SSH -> Auth: enable "Allow agent forwarding"
  • Connection -> Data: enter your shell username in "Auto-login username"
  • Connection -> Proxy:
    • Proxy type: "Local"
    • Proxy hostname: "bast121.miraheze.org"
    • Port: "0"
    • Exclude Hosts/IPs: "bast121.miraheze.org,bast141.miraheze.org"
    • Do DNS name lookup at proxy end: "Auto"
    • Username: shell username
    • Password: private key password
    • Telnet command, or local proxy command: "plink %user@%proxyhost -nc %host:%port -pw %pass"
  • Session -> Default Settings -> Save


Note:

  • Your private key password is not actually visible within PuTTY, and is still required to access any other terminal session.
    • However, OpenSSH is probably more secure because of this, so it is probably the better option.
  • This configuration also applies (for the most part) to some SCP clients, such as WinSCP.
    • The exception is "Local proxy command", where you must use the full path to plink. For example, '"C:\\Program Files\\PuTTY\\plink.exe" %user@%proxyhost -nc %host:%port -pw %pass'.

OpenSSH

  • Add the following snippet to '~/.ssh/config' (if the file doesn't exist, create it):
Host bast
        HostName bast121.miraheze.org
        IdentityFile <path_to_private_key>
        User <shell_username>

Host *.miraheze.org
        IdentityFile <path_to_private_key>
        User <shell_username>
        ProxyJump bast
  • Use "ssh <server>.miraheze.org" to log in


Note: You may be required to enter your private key password twice. This is because the connection is first proxied through Bastion, so you need to enter it once for Bastion and once for the destination server.
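
How OpenSSH resolves the snippet above, as an added example that is not part of the original help page: a simplified model of ssh_config matching (patterns are matched against the name typed on the command line, and the first value obtained for an option wins) that lists the hosts each login passes through. The key path, user name and server1.miraheze.org are constructed placeholders, and the model ignores Match, Include, negated patterns and multi-hop ProxyJump lists.

```python
import fnmatch

# Constructed sample: the page's snippet with made-up placeholder values.
SAMPLE_CONFIG = """\
Host bast
        HostName bast121.miraheze.org
        IdentityFile ~/.ssh/id_example
        User exampleuser

Host *.miraheze.org
        IdentityFile ~/.ssh/id_example
        User exampleuser
        ProxyJump bast
"""

def parse_blocks(text):
    """Split ssh_config text into (host_patterns, options) blocks."""
    blocks = [(["*"], {})]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def resolve(text, name):
    """Options for the name typed after `ssh`; the first value obtained wins."""
    effective = {}
    for patterns, options in parse_blocks(text):
        # Assumption: plain wildcard patterns only, as in the page's snippet.
        if any(fnmatch.fnmatchcase(name, p) for p in patterns):
            for key, value in options.items():
                effective.setdefault(key, value)
    return effective

def hops(text, name, limit=5):
    """Hosts connected to, in order, for `ssh name` (ProxyJump is a single alias)."""
    chain = []
    while name and len(chain) < limit:
        options = resolve(text, name)
        chain.append(options.get("hostname", name))
        name = options.get("proxyjump")
    return chain[::-1]

if __name__ == "__main__":
    for target in ("bast", "server1.miraheze.org", "bast121.miraheze.org"):
        print(target, "->", " -> ".join(hops(SAMPLE_CONFIG, target)))
```

Typing the bastion's full hostname instead of the "bast" alias matches the wildcard block, so that connection is itself proxied through the bastion.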