Title

Secure SSH to OCI Bastion Host

About Or Title

About This Workshop

Desc Long

Connect to your secure OCI bastion host through SSH for a secure and controlled gateway to access your private instances in your VCN. This LiveLab walks you through generating an SSH key, creating a compartment, creating a VCN with public & private subnets, and two compute instances (one public and one private). After the preparing your resources, you will then securely connect through the Cloud Shell using SSH. You will connect to the instance by using your private instance ssh key and your public instance IP address. You will then create your private key file, change security on the file so other users cannot access and re-connect to private instance using your private key and private IP. This allows you to establish a secure connection using SSH to your private instances while maintaining integrity of your OCI environment.

Workshop Length

1 hour

Outline

Lab 1: Set Up

Task 1: Generate SSH Key

Open Cloud Shell
mkdir .ssh
cd .ssh
ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>
ls
cat <<sshkeyname>>.pub
copy the public key and private keys and save for later

Task 2: Set up Instances

Create a compartment
Navigate to Identity & Security and select Compartments
Click create compartment
Name the Compartment Demo and click create compartment

Task 3: Create a VCN with public and private subnets --Using Wizard

Navigate to Networking and select Virtual cloud networks
Select Start VCN Wizard
Name VCN Demo_VCN
Select Demo compartment
Leave all other inputs as the default
Click next
Review and hit the Create button to create the VCN
Click the View Virtual Cloud Network button

Task 4: Create Public Compute Instance

Navigate to Compute and select Instances
Select Create instance
Name instance BastionHost
Ensure it is in Demo compartment
Ensure it is in public subnet
Paste public keys and paste the public key we created earlier
Press create button to create instance
Create instance

Task 5: Create Private Instance

Name instance private-1
Select private subnet
Select paste public keys and paste the public key we created earlier
Create instance

Lab 2: Secure Shell Access to Bastion Host using CLI

Task 1: SSH into Instances

Open Cloud Shell
cd .ssh
ssh -i <private_ssh_key> opc@<BastionHost_public_ip_address>
cd .ssh
vim private_key
Paste private key we saved from earlier
:wq!
chmod 600 private_key
ssh -i private_key opc@<private-1_private_ip_address>
exit

Prerequisites

Familiarity with Oracle Cloud Infrastructure (OCI) is helpful
Familiarity with VCN/ Networking is helpful
Some understanding of cloud and command line terms are helpful

Other Workshops you might like

OCI Email Delivery

OCI Email Delivery

A walkthrough of configuring Oracle's Email Delivery Service including a creation of an email (..)

1 hr 528 Views
Deploy a Secure Landing Zone in OCI

Deploy a Secure Landing Zone in OCI

Use the OCI Resource Manager to create the OCI CIS Landing Zone in a cloud tenant. A full set of (..)

1 hr, 30 mins 1295 Views
Kick off your Oracle Cloud Part 1

Kick off your Oracle Cloud Part 1

Explore basic OCI services: Networking, Compute, Storage and more.

1 hr, 30 mins 12428 Views
Setting up Highly Available and Secure Infrastructure with Terraform on OCI

Setting up Highly Available and Secure Infrastructure with Terraform on OCI

This lab will help you understand how to use Terraform to provision OCI resources.

1 hr 1281 Views