
    Bastion Host SSH

    Sold by: Continuous 
    AWS Free Tier
    Bastion instance with Port Knocking

    Overview

    A bastion host is a special-purpose computer on a network, specifically designed and configured to be the SSH entry point of your Virtual Private Cloud (VPC).

    Highlights

    • Rebound (jump) server used with SSH as the single entry point into your private network.
    • Includes port knocking, which opens SSH access only after a preliminary TCP packet has been sent to a specific port.

    Details

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    AmazonLinux 2018.03.0.20181129

    Typical total price

    This estimate is based on use of the seller's recommended configuration (t3.nano) in the US East (N. Virginia) Region.

    $0.005/hour

    Pricing

    Bastion Host SSH

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (10)

    Instance type              Product cost/hour   EC2 cost/hour   Total/hour
    t2.nano                    $0.00               $0.006          $0.006
    t2.micro (AWS Free Tier)   $0.00               $0.012          $0.012
    t2.small                   $0.00               $0.023          $0.023
    t2.medium                  $0.00               $0.046          $0.046
    t2.large                   $0.00               $0.093          $0.093
    t3.nano (Recommended)      $0.00               $0.005          $0.005
    t3.micro (AWS Free Tier)   $0.00               $0.01           $0.01
    t3.small                   $0.00               $0.021          $0.021
    t3.medium                  $0.00               $0.042          $0.042
    t3.large                   $0.00               $0.083          $0.083

    Additional AWS infrastructure costs

    Type                                    Cost
    EBS General Purpose SSD (gp2) volumes   $0.10/per GB/month of provisioned storage

    Vendor refund policy

    no refunds

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    Main Release

    Additional details

    Usage instructions

    This bastion instance includes a script that runs every hour and stops the instance if no SSH connection is established.

    You can also activate the port knocking mechanism so that SSH connections are allowed only from the IP address of the requester. Use the following script in user-data, or run it once the instance has been created, to replace the default port 22 with another port and to define the 3 ports used by the knocking system.

    #!/bin/bash -v
    /root/change-ssh-port.sh <ssh-port> <knock-port-1> <knock-port-2> <knock-port-3>
    

    To open your SSH port, you have to knock the combination. You can do that using nmap or other knocking tools.

    nmap -Pn --host_timeout 201 --max-retries 0 -p <knock-port-1> <PUBLIC_IP_BASTION>
    nmap -Pn --host_timeout 201 --max-retries 0 -p <knock-port-2> <PUBLIC_IP_BASTION>
    nmap -Pn --host_timeout 201 --max-retries 0 -p <knock-port-3> <PUBLIC_IP_BASTION>

    ssh -A -p <ssh-port> -i <SSH_KEY.PEM> ec2-user@<PUBLIC_IP_BASTION>

    You will also need to open the 4 defined ports (the SSH port and the 3 knock ports) in the security group associated with the EC2 instance in order to connect. Don't worry, the instance implements its own iptables rules to deny connections that do not use knocking.

    We recommend that you enable instance protection on your EC2 bastion instance in order to avoid unexpected termination.
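
    The gating behaviour described above (SSH opened only for the requester's IP after the 3 knocks, everything else denied by the host firewall even though the security group is open) can be modelled as a per-source state machine. This is an added example, not the AMI's own iptables rules; the port numbers, the 10-second step window, the 30-second opening and the reset-on-wrong-knock behaviour are assumptions, and the traffic is constructed.

```python
from dataclasses import dataclass, field

SSH_PORT = 2222                 # constructed stand-in for <ssh-port>
KNOCKS = (7000, 8000, 9000)     # constructed stand-ins for <knock-port-1..3>
WINDOW = 10.0                   # assumed: max seconds between two knocks
OPEN_FOR = 30.0                 # assumed: seconds SSH stays open after the last knock

@dataclass
class KnockGate:
    progress: dict = field(default_factory=dict)  # src -> (knocks matched, last ts)
    opened: dict = field(default_factory=dict)    # src -> time the opening expires

    def packet(self, ts, src, dport):
        """Verdict ('ACCEPT' or 'DROP') for a new TCP SYN from src to dport."""
        if dport == SSH_PORT:
            return "ACCEPT" if self.opened.get(src, 0) > ts else "DROP"
        idx, last = self.progress.get(src, (0, ts))
        if idx and ts - last > WINDOW:
            idx = 0                               # partial sequence went stale
        if dport == KNOCKS[idx]:
            idx += 1                              # expected knock, advance
        elif dport == KNOCKS[0]:
            idx = 1                               # treat as a fresh first knock
        else:
            idx = 0                               # wrong port resets progress
        if idx == len(KNOCKS):
            self.opened[src] = ts + OPEN_FOR      # open SSH for this source only
            self.progress.pop(src, None)
        else:
            self.progress[src] = (idx, ts)
        return "DROP"                             # knock ports never answer

def replay(events):
    gate = KnockGate()
    return [gate.packet(*event) for event in events]

# Constructed traffic: (timestamp, source IP, destination port)
SAMPLE = [
    (0.0, "198.51.100.7", 2222),    # SSH before knocking
    (1.0, "198.51.100.7", 7000),
    (1.5, "198.51.100.7", 8000),
    (2.0, "198.51.100.7", 9000),    # sequence complete
    (3.0, "198.51.100.7", 2222),    # allowed for this source
    (3.1, "203.0.113.9", 2222),     # a different source is still blocked
    (4.0, "203.0.113.9", 7000),
    (4.2, "203.0.113.9", 9000),     # out of order, progress reset
    (4.4, "203.0.113.9", 2222),
    (40.0, "198.51.100.7", 2222),   # opening has expired
]
```

    Because the gate state is kept per source IP, opening the 4 ports to the world in the security group exposes only silently dropped ports to anyone who has not completed the sequence.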

    Resources

    Vendor resources

    Support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Similar products

    Customer reviews

    Ratings and reviews

    1
    1 rating
    5 star: 0%
    4 star: 0%
    3 star: 0%
    2 star: 0%
    1 star: 100%
    1 AWS review
    Zack

    Company has folded, AMI no longer searchable

    Reviewed on Oct 04, 2022
    Purchase verified by AWS

    This company appears to be no more and the AMI is no longer searchable in Ec2 cli or in Terraform.
