Sandbox using Docker
This is a good way to test The Bastion within seconds, but read the FAQ if you're serious about using containerization in production.
The sandbox image is available for the following architectures:
Let's run the docker image:
docker run -d -p 22 --name bastiontest ovhcom/the-bastion:sandbox
Or, if you prefer building the docker image yourself, you can: use the two commands below. Of course, if you already typed the
docker runcommand above, you can skip the following commands:
docker build -f docker/Dockerfile.debian10 -t bastion:debian10 . docker run -d -p 22 --name bastiontest bastion:debian10
Configure the first administrator account (get your public SSH key ready)
docker exec -it bastiontest /opt/bastion/bin/admin/setup-first-admin-account.sh poweruser auto
We're now up and running with the default configuration! Let's setup a handy bastion alias, and test the
PORT=$(docker port bastiontest | cut -d: -f2) alias bastion="ssh firstname.lastname@example.org -tp $PORT -- " bastion --osh info
It should greet you as being a bastion admin, which means you have access to all commands. Let's enter interactive mode:
This is useful to call several
--oshplugins in a row. Now we can ask for help to see all plugins:
If you have a remote machine you want to try to connect to through the bastion, fetch your egress key:
Copy this public key to the remote machine's
.ssh/folder of the account you want to connect to, then:
$> selfAddPersonalAccess --host <remote_host> --user <remote_account_name> --port-any $> ssh <remote_account_name>@<remote_host>
Note that you can connect directly without using interactive mode, with:
That's it! You can head over to the USAGE section on the left menu for more information.
Be sure to check the help of the bastion with
along with the help of each osh plugin with
bastion --osh command --help.
Also don't forget to customize your
which can be found in
/etc/bastion/bastion.conf (for Linux).