tencent cloud

Bastion Host

Product Introduction
Overview
Strengths
Scenarios
Differences between SaaS BH Standard Edition and Pro Edition
Purchase Guide
Billing Overview
Purchase Method
Upgrade Subscription Plan
Upgrade Bandwidth
Upgrade Extension Pack
Renewal
Payment Overdue
Refund
Getting Started
First Login of Admin
Admin Manual
First Login of Ops Engineer
Ops Engineer Manual
Operation Guide
Admin Guide
Operations Guide
Practical Tutorial
Blocking High-risk Commands
File Transfer Control
Tracing Security Incidents
Cross-VPC Asset Management
Access Bastion Host O&M Page Via Intranet Domain
Troubleshooting
Windows Resource Login Connection Timeout
Windows Resource Login Prompting Wait Active
Linux Resource Login via Mac Prompting No Matching Host Key Type Found
Windows Resource is Inaccessible for Mac Users
iTerm Client Displaying Unrecognizable Characters to Mac Users During Ops
Unable to Invoke Local XShell or SecureCRT
Ops Members Cannot Receive SMS Verification Code
Ops Members Cannot Load the Account When Logging in to Resources
Linux Resource Login Prompting Host Unreachable
Linux Resource Login Failure Prompting Password Error
FAQs
Usage
Consultation
BH Policy
Privacy Policy
Data Processing And Security Agreement
DocumentationBastion HostGetting StartedAdmin Manual

Admin Manual

PDF
Focus Mode
Font Size
Last updated: 2023-12-27 17:11:08
This document describes operations performed by admins after logging in to the BH console, mainly including:
1. Add a managed asset
2. Add an Ops user
3. Grant the Ops user the permission to access the asset
4. Inform the Ops user of the Ops login address
5. Audit the Ops user's asset access behaviors

Prerequisites

You have purchased BH.

Step 1. Add a managed asset

1. Log in to the BH console and select Asset management > Server assets on the left sidebar.
2. On the Server assets page, click Sync.
3. In the pop-up window, click OK.
Note:
Synced regions: Hong Kong (China) and Singapore.
Synced asset type: CVM.
Before enabling automatic sync, authorize a role as instructed.
4. After the sync is completed, select the server on the Server assets page and click Modify BH service to bind the BH service to the server.
5. In the Modify BH service window, select the target BH service and click OK.
6. Select a server from the server list and click Account.
7. In the Account management pop-up window, click Add asset account, enter the asset account name, and click OK.
8. In the Account management window, click Settings next to Unmanaged password, enter the password, and click OK.

Step 2. Add an Ops user

1. Log in to the BH console and select User management > Users on the left sidebar.
2. On the Users page, click Create user.
3. In the pop-up window, enter the required fields such as username, name, and mobile number, as well as the optional ones such as email, user group, and validity period, and click OK.

Step 3. Grant the Ops user the permission to access the asset

1. Log in to the BH console and select Permission management > Access permission configuration on the left sidebar.
2. On the Access permissions page, click Create access permission.
3. On the Create access permission page, perform the following operations as instructed:
3.1 Set the permission name
3.2 Select a user
3.3 Select an asset
3.4 Select an asset account
3.5 Set an access operation
3.6 Select a high-risk command template
4. After performing the above operations, confirm the configuration information and click Confirm and submit for the authorization information to take effect.

Step 4. Inform the Ops user of the Ops login address

1. Log in to the BH console and select Overview on the left sidebar.
2. On the Overview page, copy the link to the Ops page in the Help section and send it to the authorized Ops user.

Step 5. Audit the Ops user's asset access behaviors

1. Log in to the BH console and select Audit management > Session audit on the left sidebar.
2. On the Session audit page, audit the operation behaviors performed by the Ops user on the managed asset.
Previous Topic: First Login of AdminNext Topic: First Login of Ops Engineer

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback