Help Center/ Cloud Bastion Host/ Service Overview/ Security/ Identity Authentication and Access Control

Updated on 2024-05-16 GMT+08:00

View PDF

Identity Authentication and Access Control

Identity Authentication

You can access a CBH instance through a web console or an SSH client. With a web console, you can use all CBH functions, such as resource configuration and command execution. With an SSH client, you can only maintain resources managed in the CBH system.

When you create a CBH instance, you are required to set a username and password. They are used for logging in to the CBH instance through a web console and SSH client. If web console is used, SMS messages, mobile OTPs, USB keys, and OTP devices can be used for login authentication.

Access control

You can use security groups, web application firewalls (WAFs), access control lists (ACLs), and Virtual Private Clouds (VPCs) to control access to CBH instances.

**Table 1** Access controls supported by CBH
Access Control Method		Description
Permissions control	VPC	A Virtual Private Cloud (VPC) is a private and isolated virtual network created on Huawei Cloud. VPC along with EIP, Cloud Connect, and Dedicated Connect establishes a reliable, secure communication channel for your cloud resources to communicate with each other, the internet, and on-premises networks.
	Security Group	A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, that have the same security protection requirements and that are mutually trusted within a VPC. You can define different access control rules for a security group, and these rules are then applied to all the instances added to this security group.
	Web Application Firewall (WAF)	WAF acts as a shield for web applications and websites. Powered by machine learning, WAF intelligently examines website traffic and defends against malicious requests and unknown threats.