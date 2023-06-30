A bastion host is an instance that is provisioned with a public IP address and can be accessed via SSH. After setup, the bastion host acts as a jump server, allowing secure connection to instances provisioned without a public IP address.

Before you begin, you need to create or configure these resources in your IBM cloud account:

IAM permissions

VPC

VPC Subnet

SSH Key

To reduce the exposure of servers within the VPC, create and use a bastion host. Administrative tasks on the individual servers are performed by using SSH, proxied through the bastion. Access to the servers and regular internet access from the servers (e.g., software installation) are allowed only with a special maintenance security group that is attached to those servers.

For more information, see Securely access remote instances with a bastion host.

If you want to set up a bastion host that uses teleport, see Setting up a bastion host that uses teleport.