Hello,
Has anybody set up a Rocky jump server or bastion server? Is there a real difference? Any recommendations and guidance regarding the installation?
Thank you
Maria
Hi Maria,
I had to confess that I didn’t know. A Google search turned up this which I think explains the differences:
@jhfrontz The main difference as I understand and use it, is that a jump host is used for remote access. And Bastion hosts offer services that need to face the internet. Look at jump hosts as border guards, and bastion hosts as a teller's window at a bank. (Sep 17, 2015)
As far as setting one of either up, I’ve never needed to.
The jump box is used in remote access, when users are not allowed to just remote into any box they feel like. They have to login to the jump box first, and then they can remote into other boxes from there.
The bastion host is set up, knowing it will be attacked as soon as it goes live.
Likewise.
Rocky has sshd.service enabled, so every Rocky is “jump host-capable” by default.
(I have heard the term “login node”, not “jump host”.)
Every machine that faces the internet can and probably will be attacked, whether they have any services or not. Therefore all of them should be treated as “bastions”.
The sshd of a jump host is a service that clearly faces the internet. Thus all jump hosts should be bastions (but all bastions do not need to be jump hosts).
Rocky has guides. Also about security. For example: Systemd Units Hardening - Documentation
“Hardening” is a term that is often used.
Perhaps not always.
The jump host might only be available via VPN.
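The jump-box pattern described in this thread (log in to the jump box first, then reach the other boxes from there), as an added OpenSSH configuration example that is not part of any poster's reply. The group name `jumpusers`, the user name and all host names are assumptions; the keywords are standard OpenSSH ones.

```sshconfig
# ---- On the jump host: append to the END of /etc/ssh/sshd_config ----
# A Match block overrides the global settings for the matched users,
# so members of the (assumed) group "jumpusers" can only pass through.
Match Group jumpusers
    # Keys only; no password guessing against an internet-facing sshd.
    PasswordAuthentication no
    AuthenticationMethods publickey
    # Allow only the client-to-target forwarding that ProxyJump needs.
    AllowTcpForwarding local
    # Limit forwarding targets to SSH on named internal hosts (assumed
    # names). sshd compares the name the client asks for literally and
    # does no address lookup, so list the names users will type.
    PermitOpen app1.internal.example:22 db1.internal.example:22
    # No shell, terminal, agent or X11 on the jump host itself.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /usr/sbin/nologin

# ---- On the user's workstation: ~/.ssh/config ----
# "jump" is a local alias; HostName and User are assumed values.
Host jump
    HostName jump.example.com
    User maria
    IdentityFile ~/.ssh/id_ed25519

# Every internal host is reached through the jump host. The private
# key stays on the workstation and is never copied to the jump box.
Host *.internal.example
    User maria
    ProxyJump jump
```

Validate the server side with `sshd -t` before reloading sshd, and keep an existing session open while testing so a mistake does not lock you out.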