Help Center> Cloud Bastion Host> User Guide> Logging In to the CBH System> Overview
Updated on 2024-04-11 GMT+08:00
View PDF

Overview

Port Requirements

To use the CBH system for resource management, ensure that the communication between the CBH system and the managed resources is enabled. Before you start, check whether your network ACL configuration allows access to CBH and configure the security group of the mapped CBH instance by referring to Table 1.

  • During cross-version upgrade, ports 80, 8080, 443, and 2222 are automatically enabled for the instance. If you do not need to use these ports, disable them immediately after the upgrade.
  • During cross-version upgrade, ports 22, 31036, 31679, and 31873 are automatically enabled for the instance. If you do not need to use these ports, disable them immediately after the upgrade.
Table 1 Inbound and outbound rule configuration reference

Scenario Description

Direction

Protocol/Application

Port

Accessing CBH through a web browser (HTTP and HTTPS)

Inbound

TCP

80, 443, and 8080

Accessing a CBH system through Microsoft Terminal Services Client (MSTSC)

Inbound

TCP

53389

Accessing a CBH Instance Through an SSH Client

Inbound

TCP

2222

Accessing CBH instances through FTP clients

Inbound

TCP

20~21

Remotely accessing Linux ECSs of CBH instances over SSH clients

Outbound

TCP

22

Remotely accessing Windows ECSs of CBH instances over the RDP Protocol

Outbound

TCP

3389

Accessing Oracle databases through CBH instances

Inbound

TCP

1521

Accessing Oracle databases through CBH instances

Outbound

TCP

1521

Accessing MySQL databases through CBH instances

Inbound

TCP

33306

Accessing MySQL databases through CBH instances

Outbound

TCP

3306

Accessing SQL Server databases through CBH instances

Inbound

TCP

1433

Accessing SQL Server databases through CBH instances

Outbound

TCP

1433

Accessing DB databases through CBH instances

Inbound

TCP

50000

Accessing DB databases through CBH instances

Outbound

TCP

50000

Accessing GaussDB databases through CBH

Inbound

TCP

18000

Accessing GaussDB databases through CBH

Outbound

TCP

18000

License servers

Outbound

TCP

9443

Cloud services

Outbound

TCP

443

Accessing a CBH system through the SSH client in the same security group

Outbound

TCP

2222

SMS service

Outbound

TCP

10743 and 443

Domain name resolution service

Outbound

UDP

53

Verification Type

CBH provides remote Active Directory (AD), Remote Authentication Dial In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP), and Azure AD authentication methods. You can use existing user passwords on any of those remote servers for identity verification.

Table 2 Authentication methods

Verification Type

Authentication Description

Local Authentication

Static passwords configured for the CBH system are used for identity verification.

  • Multifactor verification can be configured for users authenticated by static password.
  • You can reset or change the static passwords through CBH. If you forgot this password, you can find it back through email.

AD domain authentication

The passwords of users on the AD server are used for identity verification.

  • Multifactor verification can be configured for users authenticated by static password.
  • Passwords cannot be changed through the CBH system.

RADIUS Authentication

The passwords of users on the RADIUS server are used for identity verification.

  • Multifactor verification can be configured for users authenticated by static password.
  • Passwords cannot be changed through the CBH system.

LDAP Authentication

The passwords of users on the LDAP server are used for identity verification.

  • Multifactor verification can be configured for users authenticated by static password.
  • Passwords cannot be changed through the CBH system.

Azure AD authentication

The passwords of Microsoft accounts are used for identity verification.

The login page is redirected to the Microsoft Azure login page for you to provide credentials.

  • Multifactor verification cannot be configured for users authenticated by the Azure AD server.
  • Passwords cannot be changed through the CBH system.

Logon Type

Different login methods require different credentials. If multifactor verification is enabled, the static password login method becomes invalid.

Table 3 Login method description

Logon Type

Login Description

Password

Enter the username and password of your CBH system account.

Mobile SMS Authentication

Enter the username and password of your CBH system account, click Send Code, and enter the SMS verification code you will receive.

Mobile OTP

Enter the username and password first, and then enter the mobile one-time password (OTP).

USBKey

Insert your USB key into your terminal device, select the issued USB key, and enter the corresponding personal identification number (PIN).

One-time Passwords (OTPs)

Enter the username and password first, and then enter the verification code displayed on your OTP token device.