Challenge 3 - Task 4 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet
Scenario
A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a private subnet.
* Provision a compute instance in the private subnet and enable the Bastion plugin.
* Create a Bastion and a Bastion session.
* Connect to the compute instance using a Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, be sure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following tasks in the provisioned OCI environment:
Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.
Solutions:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click the SPPBTBASTION992831403labuser13 bastion.
Click the three dots next to the PBT-1-Session-01 managed SSH session to open the Actions menu and click View SSH command.
Click Copy next to the SSH command, then click Close. (Copy the SSH command to a Notepad file.)
Use a Notepad text editor to replace
a. For example:
ssh -i ssh-key-2023-08-02.key -o ProxyCommand='ssh -i ssh-key-2023-08-02.key -W %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com' -p 22 opc@10.0.1.162
Click the Cloud Shell icon at the right of the OCI console header.
Verify that you are in the home directory.
a. cd ~
Upload the private key that you downloaded to your workstation earlier to Cloud Shell. Reference to upload file to Cloud Shell.
The file will be named similarly to ssh-key-<date>.key.
Locate the private key and change its permissions by executing the following commands:
a. ls
b. chmod 400 ssh-key-<date>.key
Run the SSH command to connect to the compute instance in the private subnet.
a. For example:
ssh -i ssh-key-2023-08-02.key -o ProxyCommand='ssh -i ssh-key-2023-08-02.key -W %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com' -p 22 opc@10.0.1.162
Note: Enter yes in response to "Are you sure you want to continue connecting (yes/no)?"
Verify the connected instance's private IP address.
a. ifconfig
Take note of the inet/IP address for the ens3 interface in the output and compare it to the private IP address of the instance created in this lab, i.e. PBT-BAS-VM-01.
Congratulations! You have successfully created an instance, enabled Bastion, and created a Bastion and session to connect the resources to a private endpoint.
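The key-permission and connection steps above, as an added shell example (not part of the original lab or of Oracle's tooling): it refuses a key that is readable by group or others, then assembles the command in the form the console shows. The function names and the EXAMPLE session OCID are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: preflight for the managed SSH session steps above.
# Function names and the EXAMPLE session OCID are illustrative assumptions.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the key exists and grants nothing to group or others;
# OpenSSH ignores a private key whose file is accessible by other users.
key_is_private() {
    [ -f "$1" ] || return 1
    mode=$(key_mode "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Assemble the command: the inner ssh logs in to the bastion as the session
# OCID, and -W forwards its stdio to %h:%p, the private IP and port named at
# the end of the outer command. Paths containing spaces are not handled.
bastion_ssh_cmd() {
    key=$1; session=$2; bastion=$3; target=$4
    case "$session" in
        ocid1.bastionsession.*) ;;
        *) echo "not a bastion session OCID: $session" >&2; return 2 ;;
    esac
    key_is_private "$key" || {
        echo "refusing $key: missing or open to group/others (chmod 400)" >&2
        return 3
    }
    printf "ssh -i %s -o ProxyCommand='ssh -i %s -W %%h:%%p -p 22 %s@%s' -p 22 %s\n" \
        "$key" "$key" "$session" "$bastion" "$target"
}

# Demo with a constructed key file and a placeholder session OCID.
demo_key=$(mktemp)
chmod 644 "$demo_key"   # too open: the call below is refused
bastion_ssh_cmd "$demo_key" ocid1.bastionsession.oc1.iad.EXAMPLE \
    host.bastion.us-ashburn-1.oci.oraclecloud.com opc@10.0.1.162 || echo "blocked"
chmod 400 "$demo_key"   # owner read-only: the command is printed
bastion_ssh_cmd "$demo_key" ocid1.bastionsession.oc1.iad.EXAMPLE \
    host.bastion.us-ashburn-1.oci.oraclecloud.com opc@10.0.1.162
rm -f "$demo_key"
```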