The Bastion
3.18.00
Index
Symbols
--account
accountAddPersonalAccess command line option
accountDelPersonalAccess command line option
--account ACCOUNT
accountDelete command line option
accountFreeze command line option
accountGeneratePassword command line option
accountGrantCommand command line option
accountInfo command line option
accountList command line option
accountListAccesses command line option
accountListEgressKeys command line option
accountListIngressKeys command line option
accountListPasswords command line option
accountMFAResetPassword command line option
accountMFAResetTOTP command line option
accountModify command line option
accountPIV command line option
accountRevokeCommand command line option
accountUnexpire command line option
accountUnfreeze command line option
accountUnlock command line option
groupAddAclkeeper command line option
groupAddGatekeeper command line option
groupAddGuestAccess command line option
groupAddMember command line option
groupAddOwner command line option
groupDelAclkeeper command line option
groupDelGatekeeper command line option
groupDelGuestAccess command line option
groupDelMember command line option
groupDelOwner command line option
groupListGuestAccesses command line option
groupTransmitOwnership command line option
--account NAME
accountCreate command line option
--after WHEN
selfListSessions command line option
--algo
groupCreate command line option
--algo ALGO
groupGenerateEgressKey command line option
selfGenerateEgressKey command line option
--all
accountInfo command line option
groupInfo command line option
groupList command line option
--allowed
selfListSessions command line option
--always-active
accountCreate command line option
--always-active yes|no
accountModify command line option
--audit
accountList command line option
--before WHEN
selfListSessions command line option
--command '"remote cmd"'
clush command line option
--command COMMAND
accountGrantCommand command line option
accountRevokeCommand command line option
--comment "'ANY TEXT'"
accountAddPersonalAccess command line option
groupAddServer command line option
selfAddPersonalAccess command line option
--comment '"ANY TEXT"'
groupAddGuestAccess command line option
--comment '"STRING"'
accountCreate command line option
--comment STRING
realmCreate command line option
--denied
selfListSessions command line option
--detailed
selfListSessions command line option
--do-it
accountGeneratePassword command line option
groupGeneratePassword command line option
selfGeneratePassword command line option
selfGenerateProxyPassword command line option
--dry-run
groupSetServers command line option
--egress-session-multiplexing POLICY
accountModify command line option
--egress-strict-host-key-checking POLICY
accountModify command line option
--encrypted
groupCreate command line option
groupGenerateEgressKey command line option
selfGenerateEgressKey command line option
--exclude PATTERN
accountList command line option
accountListAccesses command line option
groupList command line option
groupListGuestAccesses command line option
groupListServers command line option
selfListAccesses command line option
--fingerprint-to-delete FP
selfDelIngressKey command line option
--force
groupAddServer command line option
selfAddPersonalAccess command line option
--force-key FINGERPRINT
accountAddPersonalAccess command line option
groupAddServer command line option
selfAddPersonalAccess command line option
--force-password HASH
accountAddPersonalAccess command line option
groupAddServer command line option
selfAddPersonalAccess command line option
--from
realmCreate command line option
--group
groupCreate command line option
--group GROUP
groupModify command line option
--group GROUP
groupAddAclkeeper command line option
groupAddGatekeeper command line option
groupAddGuestAccess command line option
groupAddMember command line option
groupAddOwner command line option
groupAddServer command line option
groupDelAclkeeper command line option
groupDelEgressKey command line option
groupDelete command line option
groupDelGatekeeper command line option
groupDelGuestAccess command line option
groupDelMember command line option
groupDelOwner command line option
groupDelServer command line option
groupDestroy command line option
groupGenerateEgressKey command line option
groupGeneratePassword command line option
groupInfo command line option
groupListGuestAccesses command line option
groupListPasswords command line option
groupListServers command line option
groupSetServers command line option
groupTransmitOwnership command line option
--guest-ttl-limit DURATION
groupModify command line option
--hide-groups
accountListAccesses command line option
selfListAccesses command line option
--host HOST
nc command line option
ping command line option
selfForgetHostKey command line option
selfListSessions command line option
--host HOSTNAME
alive command line option
--host HOST|IP
assetForgetHostKey command line option
--host HOST|IP|NET/CIDR
accountAddPersonalAccess command line option
accountDelPersonalAccess command line option
groupAddGuestAccess command line option
groupAddServer command line option
groupDelGuestAccess command line option
groupDelServer command line option
selfAddPersonalAccess command line option
selfDelPersonalAccess command line option
--host SERVER
whoHasAccessTo command line option
--id ID
groupDelEgressKey command line option
selfListSessions command line option
selfPlaySession command line option
--id-to-delete ID
selfDelIngressKey command line option
--idle-ignore yes|no
accountModify command line option
--ignore-group GROUP
whoHasAccessTo command line option
--ignore-personal
whoHasAccessTo command line option
--immutable-key
accountCreate command line option
--inactive-only
accountList command line option
--include PATTERN
accountList command line option
accountListAccesses command line option
groupList command line option
groupListGuestAccesses command line option
groupListServers command line option
selfListAccesses command line option
--limit LIMIT
selfListSessions command line option
--list HOSTLIST
clush command line option
--lock
adminMaintenance command line option
--max-inactive-days DAYS
accountCreate command line option
accountModify command line option
--message MESSAGE
adminMaintenance command line option
--mfa-password-required yes|no|bypass
accountModify command line option
--mfa-required password|totp|any|none
groupModify command line option
--mfa-totp-required yes|no|bypass
accountModify command line option
--no-confirm
accountDelete command line option
clush command line option
groupDelete command line option
groupDestroy command line option
selfMFASetupTOTP command line option
--no-key
accountCreate command line option
groupCreate command line option
--no-output
accountList command line option
--no-password-info
accountList command line option
--no-pause-on-failure
clush command line option
--osh-only
accountCreate command line option
--osh-only yes|no
accountModify command line option
--owner
groupCreate command line option
--pam-auth-bypass yes|no
accountModify command line option
--personal-egress-mfa-required POLICY
accountModify command line option
--piv
selfAddIngressKey command line option
--policy POLICY
accountPIV command line option
--port PORT
assetForgetHostKey command line option
clush command line option
nc command line option
selfForgetHostKey command line option
whoHasAccessTo command line option
--protocol PROTO
accountAddPersonalAccess command line option
accountDelPersonalAccess command line option
groupAddGuestAccess command line option
groupAddServer command line option
groupDelGuestAccess command line option
groupDelServer command line option
selfAddPersonalAccess command line option
selfDelPersonalAccess command line option
--pubkey-auth-optional yes|no
accountModify command line option
--public-key '"KEY"'
accountCreate command line option
--public-key KEY
realmCreate command line option
selfAddIngressKey command line option
--realm REALM
realmCreate command line option
--realm REALM
realmDelete command line option
realmInfo command line option
realmList command line option
--reason "'SOME REASON'"
accountFreeze command line option
--report
mtr command line option
--reverse-dns
accountListAccesses command line option
groupListGuestAccesses command line option
groupListServers command line option
selfListAccesses command line option
--show-wildcards
whoHasAccessTo command line option
--size
groupCreate command line option
--size SIZE
accountGeneratePassword command line option
--size SIZE
groupGeneratePassword command line option
--size SIZE
groupGenerateEgressKey command line option
selfGenerateEgressKey command line option
selfGeneratePassword command line option
--skip-errors
groupSetServers command line option
--step-by-step
clush command line option
--sudo-as ACCOUNT
adminSudo command line option
--sudo-cmd PLUGIN
adminSudo command line option
--to-port PORT
selfListSessions command line option
--ttl SECONDS|DURATION
accountAddPersonalAccess command line option
accountCreate command line option
accountPIV command line option
groupAddGuestAccess command line option
groupAddServer command line option
selfAddPersonalAccess command line option
--type TYPE
selfListSessions command line option
--uid UID
accountCreate command line option
--uid-auto
accountCreate command line option
--unlock
adminMaintenance command line option
--user USER
clush command line option
selfListSessions command line option
whoHasAccessTo command line option
--via HOST
selfListSessions command line option
--via-port PORT
selfListSessions command line option
--with[out]-egress-keys
accountInfo command line option
--with[out]-everything
accountInfo command line option
groupInfo command line option
--with[out]-groups
accountInfo command line option
--with[out]-keys
groupInfo command line option
--with[out]-mfa-password-info
accountInfo command line option
--yes
selfMFASetupPassword command line option
-c COUNT
ping command line option
-f
selfDelIngressKey command line option
-l
selfDelIngressKey command line option
-s SIZE
ping command line option
-t TTL
ping command line option
-w SECONDS
nc command line option
-w TIMEOUT
ping command line option
A
accountAddPersonalAccess command line option
--account
--comment "'ANY TEXT'"
--force-key FINGERPRINT
--force-password HASH
--host HOST|IP|NET/CIDR
--protocol PROTO
--ttl SECONDS|DURATION
self_remote_user_only (optional, boolean)
widest_v4_prefix (optional, integer, between 0 and 32)
accountCreate command line option
--account NAME
--always-active
--comment '"STRING"'
--immutable-key
--max-inactive-days DAYS
--no-key
--osh-only
--public-key '"KEY"'
--ttl SECONDS|DURATION
--uid UID
--uid-auto
accountDelete command line option
--account ACCOUNT
--no-confirm
accountDelPersonalAccess command line option
--account
--host HOST|IP|NET/CIDR
--protocol PROTO
accountFreeze command line option
--account ACCOUNT
--reason "'SOME REASON'"
accountGeneratePassword command line option
--account ACCOUNT
--do-it
--size SIZE
accountGrantCommand command line option
--account ACCOUNT
--command COMMAND
accountInfo command line option
--account ACCOUNT
--all
--with[out]-egress-keys
--with[out]-everything
--with[out]-groups
--with[out]-mfa-password-info
accountList command line option
--account ACCOUNT
--audit
--exclude PATTERN
--inactive-only
--include PATTERN
--no-output
--no-password-info
accountListAccesses command line option
--account ACCOUNT
--exclude PATTERN
--hide-groups
--include PATTERN
--reverse-dns
accountListEgressKeys command line option
--account ACCOUNT
accountListIngressKeys command line option
--account ACCOUNT
accountListPasswords command line option
--account ACCOUNT
accountMFAResetPassword command line option
--account ACCOUNT
accountMFAResetTOTP command line option
--account ACCOUNT
accountModify command line option
--account ACCOUNT
--always-active yes|no
--egress-session-multiplexing POLICY
--egress-strict-host-key-checking POLICY
--idle-ignore yes|no
--max-inactive-days DAYS
--mfa-password-required yes|no|bypass
--mfa-totp-required yes|no|bypass
--osh-only yes|no
--pam-auth-bypass yes|no
--personal-egress-mfa-required POLICY
--pubkey-auth-optional yes|no
accountPIV command line option
--account ACCOUNT
--policy POLICY
--ttl SECONDS|DURATION
accountRevokeCommand command line option
--account ACCOUNT
--command COMMAND
accountUnexpire command line option
--account ACCOUNT
accountUnfreeze command line option
--account ACCOUNT
accountUnlock command line option
--account ACCOUNT
admin_show_system_info (optional, boolean)
info command line option
adminMaintenance command line option
--lock
--message MESSAGE
--unlock
adminSudo command line option
--sudo-as ACCOUNT
--sudo-cmd PLUGIN
alive command line option
--host HOSTNAME
assetForgetHostKey command line option
--host HOST|IP
--port PORT
B
between 0 and 32)
accountAddPersonalAccess command line option
selfAddPersonalAccess command line option
boolean)
accountAddPersonalAccess command line option
info command line option
,
[1]
selfAddPersonalAccess command line option
C
clush command line option
--command '"remote cmd"'
--list HOSTLIST
--no-confirm
--no-pause-on-failure
--port PORT
--step-by-step
--user USER
G
groupAddAclkeeper command line option
--account ACCOUNT
--group GROUP
groupAddGatekeeper command line option
--account ACCOUNT
--group GROUP
groupAddGuestAccess command line option
--account ACCOUNT
--comment '"ANY TEXT"'
--group GROUP
--host HOST|IP|NET/CIDR
--protocol PROTO
--ttl SECONDS|DURATION
groupAddMember command line option
--account ACCOUNT
--group GROUP
groupAddOwner command line option
--account ACCOUNT
--group GROUP
groupAddServer command line option
--comment "'ANY TEXT'"
--force
--force-key FINGERPRINT
--force-password HASH
--group GROUP
--host HOST|IP|NET/CIDR
--protocol PROTO
--ttl SECONDS|DURATION
groupCreate command line option
--algo
--encrypted
--group
--no-key
--owner
--size
groupDelAclkeeper command line option
--account ACCOUNT
--group GROUP
groupDelEgressKey command line option
--group GROUP
--id ID
groupDelete command line option
--group GROUP
--no-confirm
groupDelGatekeeper command line option
--account ACCOUNT
--group GROUP
groupDelGuestAccess command line option
--account ACCOUNT
--group GROUP
--host HOST|IP|NET/CIDR
--protocol PROTO
groupDelMember command line option
--account ACCOUNT
--group GROUP
groupDelOwner command line option
--account ACCOUNT
--group GROUP
groupDelServer command line option
--group GROUP
--host HOST|IP|NET/CIDR
--protocol PROTO
groupDestroy command line option
--group GROUP
--no-confirm
groupGenerateEgressKey command line option
--algo ALGO
--encrypted
--group GROUP
--size SIZE
groupGeneratePassword command line option
--do-it
--group GROUP
--size SIZE
groupInfo command line option
--all
--group GROUP
--with[out]-everything
--with[out]-keys
groupList command line option
--all
--exclude PATTERN
--include PATTERN
groupListGuestAccesses command line option
--account ACCOUNT
--exclude PATTERN
--group GROUP
--include PATTERN
--reverse-dns
groupListPasswords command line option
--group GROUP
groupListServers command line option
--exclude PATTERN
--group GROUP
--include PATTERN
--reverse-dns
groupModify command line option
--group GROUP
--guest-ttl-limit DURATION
--mfa-required password|totp|any|none
groupSetServers command line option
--dry-run
--group GROUP
--skip-errors
groupTransmitOwnership command line option
--account ACCOUNT
--group GROUP
I
info command line option
admin_show_system_info (optional, boolean)
show_fortune (optional, boolean)
integer
accountAddPersonalAccess command line option
selfAddPersonalAccess command line option
M
mtr command line option
--report
N
nc command line option
--host HOST
--port PORT
-w SECONDS
P
ping command line option
--host HOST
-c COUNT
-s SIZE
-t TTL
-w TIMEOUT
R
realmCreate command line option
--comment STRING
--from
--public-key KEY
--realm REALM
realmDelete command line option
--realm REALM
realmInfo command line option
--realm REALM
realmList command line option
--realm REALM
S
self_remote_user_only (optional, boolean)
accountAddPersonalAccess command line option
selfAddPersonalAccess command line option
selfAddIngressKey command line option
--piv
--public-key KEY
selfAddPersonalAccess command line option
--comment "'ANY TEXT'"
--force
--force-key FINGERPRINT
--force-password HASH
--host HOST|IP|NET/CIDR
--protocol PROTO
--ttl SECONDS|DURATION
self_remote_user_only (optional, boolean)
widest_v4_prefix (optional, integer, between 0 and 32)
selfDelIngressKey command line option
--fingerprint-to-delete FP
--id-to-delete ID
-f
-l
selfDelPersonalAccess command line option
--host HOST|IP|NET/CIDR
--protocol PROTO
selfForgetHostKey command line option
--host HOST
--port PORT
selfGenerateEgressKey command line option
--algo ALGO
--encrypted
--size SIZE
selfGeneratePassword command line option
--do-it
--size SIZE
selfGenerateProxyPassword command line option
--do-it
selfListAccesses command line option
--exclude PATTERN
--hide-groups
--include PATTERN
--reverse-dns
selfListSessions command line option
--after WHEN
--allowed
--before WHEN
--denied
--detailed
--host HOST
--id ID
--limit LIMIT
--to-port PORT
--type TYPE
--user USER
--via HOST
--via-port PORT
selfMFASetupPassword command line option
--yes
selfMFASetupTOTP command line option
--no-confirm
selfPlaySession command line option
--id ID
show_fortune (optional, boolean)
info command line option
W
whoHasAccessTo command line option
--host SERVER
--ignore-group GROUP
--ignore-personal
--port PORT
--show-wildcards
--user USER
widest_v4_prefix (optional, integer, between 0 and 32)
accountAddPersonalAccess command line option
selfAddPersonalAccess command line option