I wanted to say something like “I’m not going to discuss my security” but then that would contradict the title of the post.
In my case I have both a VPN and a bastion host. My bastion host is more of a proxy than anything else. In fact all one can do is proxy a terminal session. There are no scp capabilities. This was more of an unintended consequence than it was vast ninja foo.
I’ll outline the challenge two ways; first…
Second, a new server or server instance…
“VPN or Bastion Host?” asked the question but never really answered it. There are a number of opposing concerns… authentication and authorization; ease of use and complexity.
Now that I’m looking at the details above… my bastion host is a vulnerability waiting to happen. It’s time to clean that up. So I’m looking at the following: