Is connection to Bastion Server Open to Anyone

Question

My team uses a Bastion Server as a tunnel server to secure our AWS EC2 instances. The connection to Bastion was configured based on this article.

To the best of my understanding, the Bastion server is created as a gateway to the instances I want secure. I connect to Bastion using:

ssh -A ubuntu@<BASTION SERVER>

so that when I connect from Bastion to my secure EC2 it will use the pem file on my local as configured by running:

ssh-add -K myPrivateKey.pem

(Hope I'm on point so far).

My question is - Can anyone connect to the Bastion server? Obviously one will not be able to connect to secure EC2's without the pem file, but if the PasswordAuthentication in Bastion is on no, can anyone connect?

score 1 · Accepted Answer · answered May 16 '19 at 11:22

If you have followed that guide and ensured this step has been done:

Configure the security group on the bastion to allow SSH connections (TCP/22) only from known and trusted IP addresses.

then your bastion is safe. if not, and your security group allows it, bastion is open for all

Is connection to Bastion Server Open to Anyone

1 Answers1