Updated on 2022-11-30 GMT+08:00

Step 1: Log In to the CBH System

Scenarios

You can log in to your CBH system through a web browser, MSTSC client, or SSH client.

  • Web browser login: This method gives you access to the system management and resource O&M modules in CBH. It is recommended for the admin system user and other administrators who manage the CBH system and audit authorization.
  • SSH client login: You can use an SSH client to directly log in to the authorized resources for O&M without changing your original login methods.
  • MSTSC client login: With CBH, you can keep working the way you already do with MSTSC. You can use an MSTSC client to directly log in to the CBH system for resource O&M.

Prerequisites

  • You have purchased a CBH instance. If you want to access the CBH instance over the public network, bind an EIP to it. For details, see Purchasing a CBH Instance.
  • The CBH instance is in the Running state, and the CBH system is within the authorization period.
  • You have obtained the address and credentials for logging in to the CBH system.

Using a Web Browser to Log In to a CBH System

  1. Enter the IP address of the CBH system in the address box of your browser to access the login page.

    URL: https://<EIP or private IP address of the CBH instance>, for example, https://10.10.10.10.

    • If no EIP is bound to your CBH instance, use the private network IP address to log in to the CBH system. Ensure that your local network and the private network of the CBH system are connected.
    • Use supported browsers to access CBH. In an incompatible browser, the login verification message may fail to be sent to you, or exceptions may occur after you log in. For recommended browsers, see Restrictions on Using CBH.

  2. Select a login authentication method as shown in Figure 1.

    Figure 1 CBH system login page
    • Multi-factor Authentication (MFA) can be enabled for all CBH users. CBH supports SMS, OTP, USBKey, and OTP Token. For details, see Configuring Multifactor Verification.
    • After multi-factor authentication is configured, Password authentication becomes invalid.
      Table 1 Web browser login authentication

      | Authentication Method | How to Log In | Configuration Description |
      |---|---|---|
      | Password | Enter the username and password of your CBH system user account. | Default login method. The login passwords in the AD, RADIUS, LDAP, or Azure AD authentication are the passwords of users on the remote server. For details, see System Configuration. |
      | SMS | Enter the username and password, click Send code, and enter the SMS verification code you will receive. | A valid phone number has been configured for the account. |
      | OTP | Enter the username and password and enter the mobile phone one-time password (OTP), which changes periodically. NOTE: Ensure that the CBH system time is the same as the mobile phone time (accurate to the second). Otherwise, a message indicating that the verification code is incorrect will be reported. | Bind your system user account to a mobile OTP and contact the administrator to configure multi-factor authentication for this account. For details, see Mobile OTP. |
      | USBKey | Insert and select an issued USB key and enter the corresponding PIN. | A USB key has been issued to the user. For details, see Issuing a USB Key. |
      | OTP token | Enter the username and password, and enter the dynamic password of the OTP device, which changes periodically. | An OTP token has been issued to the user. For details, see Issuing an OTP Token. |

  3. Click Login to log in to the CBH system for O&M.

    • The admin user is a system administrator account that is used to log in to the CBH system for the first time. The admin account has the highest level of authority. Permissions for the admin account cannot be modified. Keep the account information secure.
    • After you log in to the CBH system for the first time, change the passwords and configure the phone number as prompted. Otherwise, the system cannot be further loaded. The phone number can be changed on the profile page in the Dashboard module.

Using an SSH Client to Log In to a CBH System

CBH allows you to use an SSH client to log in to your CBH system for authorized resource O&M.

  • Only host resources configured with the SSH, Telnet, or Rlogin protocols can be logged in through an SSH client.
  • SecureCRT 8.0 or later and Xshell 5 or later are recommended.
  1. Start the local SSH client tool and choose File > New to create a user session.
  2. Configure user session connection.

    • Method 1

      In the displayed dialog box, select a protocol type, enter the EIP address and port number (2222) of the CBH instance, and click OK. Enter the login name of your CBH system account and click Connect.

    • Method 2

      In the newly opened blank session window, run a command in the following format: Protocol type User login name@System login IP address Port number, for example, ssh admin@10.10.10.10 2222.

    • Method 3

      In the live session window of a Linux host, run a command in the following format: Protocol type User login name@System login IP address -p Port number, for example, ssh admin@10.10.10.10 -p 2222.

  3. Authenticate user identities.

    Enter your identity credentials as prompted.

    When an SSH client is used for establishing connections, you can use the Password, SSH Pubkey, SMS, Mobile OTP, and/or OTP Token authentication. To use SMS, Mobile OTP, and OTP token, configure multifactor verification. For details, see Configuring Multifactor Verification.
    Table 2 SSH client login authentication

    | Authentication Method | Login Description | Configuration Description |
    |---|---|---|
    | Password | Enter the username and password of your CBH system user account. | Default login mode. The login passwords in the AD, RADIUS, LDAP, or Azure AD authentication are the passwords of users on the remote server. For details, see Configuring Multifactor Verification. |
    | SSH Pubkey | Enter the private key and private key password for login authentication. After the login authentication is successful, the user can log in to the system over the SSH client next time without entering the password. | You need to generate a public and private key pair for login verification and add the SSH public key to the CBH system in the Profile center. For details, see Adding an SSH Public Key. |
    | SMS | In SMS authentication, enter the Password or SSH Pubkey and the SMS verification code you will receive to complete the login authentication. | An available phone number has been configured for the account. |
    | Mobile OTP | In Mobile OTP authentication, enter the Password or SSH Pubkey and the OTP token to complete the login authentication. NOTE: Ensure that the CBH system time is the same as the mobile phone time (accurate to the second). Otherwise, a message indicating that the verification code is incorrect will be reported. | Bind your system user account to a mobile OTP and contact the administrator to configure multifactor authentication for this account. For details, see Mobile OTP. |
    | OTP token | After the Password or SSH Pubkey login is authenticated, select OTP token and enter the verification code. | An OTP token has been issued to the user. For details, see Issuing an OTP Token. |

  4. After logging in to the CBH system, you can view system information and start O&M operations.

    You can also use an API to directly log in to a managed host.

    Enter the username in the format of Username@Resource account@Host IP address:Port, for example, admin@root@192.0.0.0:22.
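
The NOTE on clock agreement in Table 1 (OTP) and Table 2 (Mobile OTP), worked through as an added example that is not Huawei code. It assumes the mobile OTP behaves like standard RFC 6238 TOTP (HMAC-SHA-1, 30-second step), which this page does not state; the secret is the RFC 6238 test key and the timestamps are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (assumed: RFC 6238 default)
SECRET = b"12345678901234567890"  # RFC 6238 test key, not a CBH value


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Return the time-based one-time password for the given clock reading."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(secret: bytes, code: str, server_time: int, window: int = 0) -> bool:
    """Check a code against the server clock.

    window is the number of adjacent time steps tolerated on each side;
    window=0 models a verifier that requires the clocks to agree.
    """
    for drift in range(-window, window + 1):
        candidate = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def login_outcome(secret: bytes, phone_time: int, server_time: int, window: int = 0) -> bool:
    """Simulate a login: the phone generates a code, the server verifies it."""
    return server_accepts(secret, totp(secret, phone_time), server_time, window)


if __name__ == "__main__":
    server_now = 1111111109  # constructed: last second of a 30-second step
    for skew in (0, 1):
        phone_now = server_now + skew
        print(
            f"phone ahead by {skew}s: code={totp(SECRET, phone_now)} "
            f"strict={login_outcome(SECRET, phone_now, server_now)} "
            f"window=1 -> {login_outcome(SECRET, phone_now, server_now, window=1)}"
        )
```

With a strict verifier, a phone that is one second ahead at a step boundary already produces a rejected code, which is why the NOTE asks for agreement to the second; time-sync monitoring on both the CBH system and user devices prevents these false "incorrect verification code" failures.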

Accessing a CBH system through Microsoft Terminal Services Client (MSTSC)

CBH allows you to use an MSTSC client to log in to authorized resources for O&M.

  1. Open the MSTSC dialog box.
  2. In the displayed dialog box, enter the CBH information in the Computer text box in the format of CBH IP address:53389.
  3. Click Connect and provide the following information to complete the login:

    • Username: Enter Login Name of the CBH user@Windows host resource account@Windows host resource IP address:Windows remote port (3389 by default), for example, admin@Administrator@192.168.1.1:3389.

      The Windows host resource account must be a resource account that has been added to CBH, and its login mode must be automatic login. Otherwise, the resource account cannot be identified and O&M audit files cannot be generated. Real-time session O&M is not supported.

    • Password: Enter the password of the CBH user.