Richard Bucker

VPN or Bastion Host? That is the question.

Posted at — Oct 6, 2021

I wanted to say something like “I’m not going to discuss my security” but then that would contradict the title of the post. In my case I have both a VPN and a bastion host. My bastion host is more of a proxy than anything else. In fact, all one can do is proxy a terminal session. There are no scp capabilities. This was more of an unintended consequence than it was vast ninja foo.

I’ll outline the challenge two ways; first…

Second, a new server or server instance…

“VPN or Bastion Host?” asked the question but never really answered it. There are a number of opposing concerns… authentication and authorization; ease of use and complexity.

Now that I’m looking at the details above… my bastion host is a vulnerability waiting to happen. It’s time to clean that up. So I’m looking at the following:

QED