Lessons on bastion access

  • One way in. Internal VMs expose no SSH to the internet; the bastion is the single public SSH endpoint.
  • ProxyJump makes it painless. OpenSSH's ProxyJump gives bastion-only access with none of the two-hop hassle, tooling included.
  • Harden the one box hard. It's the door everyone uses; patch it, restrict it, log it.
  • Understand host-key warnings. They're a feature. After a deliberate reprovision, run ssh-keygen -R <host> to drop the stale key and move on; otherwise, stop and investigate.
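As an added example that is not part of the original page, the following Python resolves a client ssh_config the way ssh(1) does (the first matching value for an option wins, ProxyJump chains are followed) and flags any alias that would reach an internal host without going through the bastion. The config, aliases and addresses are constructed; negated Host patterns and "Match" blocks are not handled.

```python
from fnmatch import fnmatchcase

# Constructed client config: one public bastion, internal hosts jump via it,
# and a stale stanza (legacy-db) that bypasses the bastion and should be caught.
SSH_CONFIG = """
Host bastion
    HostName 203.0.113.10
    User jumpuser

Host web-* db-*
    HostName %h.internal.example
    ProxyJump bastion

Host legacy-db
    HostName 198.51.100.7
"""

def parse(text):
    """Return (patterns, {option: value}) blocks in file order (space-separated keywords only)."""
    blocks, patterns, opts = [], ["*"], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            blocks.append((patterns, opts))
            patterns, opts = value.split(), {}
        else:
            opts[key.lower()] = value.strip()
    blocks.append((patterns, opts))
    return blocks

def resolve(blocks, host):
    """ssh(1) semantics: the first matching block that sets an option wins."""
    result = {}
    for patterns, opts in blocks:
        if any(fnmatchcase(host, p) for p in patterns):
            for key, value in opts.items():
                result.setdefault(key, value)
    # %h in HostName expands to the alias given on the command line.
    result["hostname"] = result.get("hostname", host).replace("%h", host)
    return result

def hop_chain(blocks, host, depth=0):
    """Follow ProxyJump (comma-separated, each hop looked up in the config); first hop first."""
    if depth > 8:
        raise ValueError("ProxyJump loop involving %s" % host)
    chain = []
    for jump in resolve(blocks, host).get("proxyjump", "").split(","):
        if jump.strip() and jump.strip() != "none":
            chain += hop_chain(blocks, jump.strip(), depth + 1)
    return chain + [resolve(blocks, host)["hostname"]]

def direct_hosts(blocks, aliases, bastion="203.0.113.10"):
    """One-way-in check: return aliases whose first hop is not the bastion."""
    return [a for a in aliases if hop_chain(blocks, a)[0] != bastion]
```

The same resolver can be pointed at a real ~/.ssh/config to confirm that every internal alias still starts its chain at the bastion after a config edit.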