Free Preparation Discussions
MENU
Oracle Exam 1Z0-1104-23 Topic 5 Question 15 Discussion
Topic #: 5
Challenge 3 - Task 4 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario
A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1
Complete the following tasks in the provisioned OCI environment:
Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.
Solutions:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click the SPPBTBASTION992831403labuser13 bastion.
Click the three dots next to the PBT-1-Session-01 managed SSH session to open the Actions menu and click the View SSH command.
Click Copy next to the SSH command and Close. (Copy the SSH command to a Notepad file)
Use a Notepad text editor to replace
a. For example:
perl
ssh -i ssh-key-2023-08-02.key -o ProxyCommand='ssh -i ssh-key-2023-08-02.key -w %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com' -p 22 opc@10.0.1.162
Click the Cloud Shell icon at the right of the OCI console header.
Verify that you are in the home directory. a.cd ~
Upload the private key to the cloud shell you downloaded to your workstation earlier. Reference to upload file to cloud shell.
The file will be named similarly to ssh-key-<date>.key.
Locate and change the permission of the private key by executing the following commands: a.lsb.chmod 400
Run the SSH command to connect the compute instance in the private subnet. a. For example:
perl
ssh -i ssh-key-2023-08-02.key -o ProxyCommand='ssh -i ssh-key-2023-08-02.key -w %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com' -p 22 opc@10.0.1.162
Note: Enter yes in response to ''Are you sure you want to continue connecting (yes/no)?'' 13. Verify the connected instance's Private IP address. a.ifconfig
Take note of the inet/IP address for the ens3 interface in the output and compare it to the instance Private IP address created in this lab, i.e. PBT-BAS-VM-01.
Congratulations! You have successfully created an instance, enabled Bastion, and created a Bastion and session to connect the resources to a private endpoint.
Goldie
8 months agoMichel
8 months agoSophia
8 months agoGail
8 months agoJaclyn
8 months agoLouann
8 months agoMabel
9 months agoClement
9 months agoLouann
9 months agoMabel
10 months agoClement
10 months agoEttie
10 months agoMaryln
10 months agoArlette
10 months agoAngelo
9 months agoLenna
9 months agoStevie
9 months agoMiriam
9 months agoJoaquin
10 months agoErick
10 months agoKasandra
11 months ago