Part 1: Creating a Bastion Host
- Choose a Cloud Provider: Select your preferred cloud provider. If you don't have one, AWS offers a reliable free tier option to get started.
- Launch an Instance:
  - Navigate to your cloud provider's virtual machine creation service (e.g., AWS EC2, GCP GCE).
  - Choose a security-hardened operating system like Ubuntu or Amazon Linux.
- Configure Network Security:
  - Create a security group for the bastion host.
  - Allow inbound SSH access (TCP port 22) only from your trusted IP addresses and Locale's IP address, `35.185.77.86`. Restrict all other traffic.
  - Assign the bastion host to the same VPC and subnet as the target database (if they are in the same cloud environment).
Part 2: SSH Connection to Bastion Host
💡 Public-key authentication is the recommended approach for the SSH Connection.
Locale offers two ways of connecting to the bastion host:
- Password Authentication:
  - Edit your sshd config file.
  - Find the line `PasswordAuthentication no` and change it to `PasswordAuthentication yes`.
  - Save the changes and restart the SSH service: `sudo systemctl restart sshd`
- Public Key Authentication:
  - Copy the Locale SSH Key from the data source connection page.
  - Upload Locale's public key to the bastion host's `~/.ssh/authorized_keys` file.
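One way to do the public-key upload step so that the key is also tied to Locale's source address, shown as an added example (not Locale's own tooling). `install_pinned_key` is a hypothetical helper name; it uses OpenSSH's `from="..."` option in `authorized_keys` and assumes Locale connects only from the IP address listed in Part 1.

```shell
#!/bin/sh
# Added example, not Locale's tooling. install_pinned_key is a hypothetical helper.
LOCALE_IP="35.185.77.86"   # Locale's IP address as given on this page

# install_pinned_key <public-key-line> [ssh-dir]
# Appends the key to authorized_keys with a from="..." source restriction.
# Returns 0 if installed or already present, 1 if the key line is malformed.
install_pinned_key() {
    key_line=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"
    nl='
'
    # Reject multi-line input: a pasted newline would smuggle in a second entry.
    case $key_line in *"$nl"*) echo "key must be one line" >&2; return 1 ;; esac

    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}
    case $key_type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unexpected key type: $key_type" >&2; return 1 ;;
    esac
    # The second field must be non-empty base64.
    case $key_blob in
        ""|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
    esac

    # sshd's StrictModes rejects keys when ~/.ssh or the file is writable by others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: leave an existing entry for this key untouched.
    if grep -qF -- "$key_blob" "$auth_file"; then return 0; fi

    # Start on a fresh line if the file lacks a trailing newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf 'from="%s" %s\n' "$LOCALE_IP" "$key_line" >> "$auth_file"
}

# Usage on the bastion, as the user Locale will log in as:
#   install_pinned_key "$(cat locale_key.pub)"   # locale_key.pub: where you saved the copied key
```

With the `from=` restriction in place, the key is refused from any other source address even if the security group rule is later widened.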