Bastion server/Jump Server
The main purpose of a bastion server is to act as a gateway for accessing other servers within a network. It's your first line of defense against potential cyber threats.
Imagine your internal servers are a well-guarded castle. The bastion server is like the guarded drawbridge. It controls who gets in and out. This helps keep the important stuff inside the castle safe from any bad guys outside.
By having just one way in (through the bastion), you're reducing the number of doors that attackers can try to open. It's like putting a super-strong lock on that one door. The bastion server takes the hits and keeps the internal servers hidden.
Bastion servers are set up to allow only authorized users to access the internal network. This means that even if a malicious bot or crawler attempts to connect to the network, it won't be able to bypass the bastion server's authentication and access controls.
Suppose we have two servers: the first one, 220.127.116.11, will act as the bastion host, while the other one, 18.104.22.168, is our destination server.
The firewall has to be configured on both. First, on the host, block every port except the one that will be used for SSH; in our case that is 5001, so we allow only that port.
Then, on the destination server, add a rule that allows only the bastion server's IP address, which is 22.214.171.124.
Add this to your ~/.ssh/config; if the config file does not exist, just create it and add the configuration below.
After that, just ssh with:
Next, generate a key like this:
ssh-keygen -t rsa -b 4096
Then, on the server:
add your public key on both the bastion and the destination server so you can access them.
As a best practice on the bastion server, always create an unprivileged user for others while keeping the root user for yourself.
Create the other user, then create the directory in their home path:
mkdir -p ~/.ssh
sudo nano ~/.ssh/authorized_keys
and paste their public key content into that file.
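Putting the firewall and ~/.ssh/config steps above together, here is an added example (not from the original post) that emits the client-side ProxyJump stanza and the per-host firewall rules. It uses the page's example addresses and port, assumes ufw as the firewall on both servers and a hypothetical `deploy` user, and prints the ufw commands rather than running them.

```shell
#!/bin/sh
# Added example for the jump-host layout described on this page.
# Addresses and port are the page's example values; ufw and the
# "deploy" user are assumptions, replace them with your own.
BASTION_IP="220.127.116.11"     # the host acting as bastion
BASTION_PORT="5001"             # the only port left open on the bastion
DEST_IP="18.104.22.168"         # internal destination server

# Print an ssh_config fragment that reaches the destination only via the
# bastion (ProxyJump) and offers only the named key (IdentitiesOnly).
ssh_config_stanza() {
  bastion="$1"; port="$2"; dest="$3"; user="${4:-deploy}"
  printf 'Host bastion\n'
  printf '    HostName %s\n    Port %s\n    User %s\n' "$bastion" "$port" "$user"
  printf '    IdentityFile ~/.ssh/id_rsa\n    IdentitiesOnly yes\n\n'
  printf 'Host internal\n'
  printf '    HostName %s\n    User %s\n' "$dest" "$user"
  printf '    ProxyJump bastion\n    IdentitiesOnly yes\n'
}

# Print the ufw commands for the bastion itself: deny everything inbound
# except the SSH port. Printed, not executed, so this runs safely anywhere;
# pipe the output into sh on the real host.
bastion_firewall_rules() {
  port="$1"
  printf 'ufw default deny incoming\n'
  printf 'ufw default allow outgoing\n'
  printf 'ufw allow %s/tcp\n' "$port"
  printf 'ufw --force enable\n'
}

# Print the ufw commands for the destination: deny everything inbound,
# then admit SSH only when it comes from the bastion's address.
dest_firewall_rules() {
  bastion="$1"
  printf 'ufw default deny incoming\n'
  printf 'ufw default allow outgoing\n'
  printf 'ufw allow from %s to any port 22 proto tcp\n' "$bastion"
  printf 'ufw --force enable\n'
}

# Append the stanza to ~/.ssh/config; afterwards `ssh internal`
# tunnels through the bastion automatically.
ssh_config_stanza "$BASTION_IP" "$BASTION_PORT" "$DEST_IP" deploy
```

Run `dest_firewall_rules "$BASTION_IP" | sudo sh` on the destination and `bastion_firewall_rules "$BASTION_PORT" | sudo sh` on the bastion only after confirming the SSH port and source address match your own hosts, since a wrong value locks you out.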