Bastillion is a web-based SSH Terminal emulator. By using this software we can configure a jump server that provides centrally managed administrative access to systems. The software layers TLS/SSL on top of SSH and acts as a bastion host for administration. Bastillion is a freemium software and we can add maximum 6 users and 12 systems without acquiring a subscription.
In this article, we are installing Bastillion Jump Server on CentOS 7. Bastillion is the fork of Keybox and the same steps can be used to install Keybox software on CentOS 7.
This Article Provides:
- Bastillion Features
- Environment Specification
- Installing Java 9 on CentOS 7
- Installing Bastillion on CentOS 7
- Configure CentOS 7 Firewall for Bastillion
- Configuring Bastillion Service on CentOS 7
- Accessing Bastillion Web Console
Bastillion Features:
Core features of Bastillion are.
- Centralized user control
- Prevent SSH key sprawl and access mismanagement
- Infrastructure protection
- Layered Protocols
- Auditable
Environment Specification:
We have configured a CentOS 7 based virtual machine for this tutorial.
- CPU - 3.4 Ghz (2 cores)
- Memory - 2 GB
- Storage - 20 GB
- Operating System - CentOS 7.7
- Hostname - bastillion-01.recipes.com
- IP Address - 192.168.116.213 /24
Installing Java 9 on CentOS 7:
Bastillion is a Java based web application and it requires OpenJDK / Oracle JDK 1.9 or later.
Oracle JDK 1.9 is available to download at Oracle website.
We are required an Oracle User Account for downloading Oracle JDK 1.9. Therefore, login to Oracle website and download Oracle JDK 1.9 (RPM).
Transfer the downloaded file to bastillion-01.recipes.com using WinSCP.
Connect to bastillion-01.recipes.com using ssh as root user and install Oracle JDK using rpm command.
# rpm -ivh jdk-9.0.4_linux-x64_bin.rpm
Preparing... ################################# [100%]
Updating / installing...
1:jdk-9.0.4-2000:9.0.4-ga ################################# [100%]
Unpacking JAR files...
plugin.jar...
javaws.jar...
deploy.jar...
Set JAVA_HOME environment variable.
# echo "export JAVA_HOME=/usr/java/jdk-9.0.4/" >> /etc/profile
Verify Java installation.
# java -version
java version "9.0.4"
Java(TM) SE Runtime Environment (build 9.0.4+11)
Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode)
Oracle JDK 9 has been installed on CentOS 7.
Installing Bastillion on CentOS 7:
Bastillion is available to download at GitHub .
Download the Bastillion-Jetty using wget command.
# wget https://github.com/bastillion-io/Bastillion/releases/download/v3.08.01/bastillion-jetty-v3.08_01.tar.gz
--2019-11-11 19:55:05-- https://github-production-release-asset-2e65be.s3.amazonaws.com/8083731/0aaf9e00-de42-11e9-9c7b-f1077b02ff54?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20191111%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20191111T145505Z&X-Amz-Expires=300&X-Amz-Signature=f5a6cbd0b455305d4e316f242e4f5e18562ebb38ce81d6543b17ac5ec7fab9bf&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dbastillion-jetty-v3.08_01.tar.gz&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.99.83
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.99.83|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 19016060 (18M) [application/octet-stream]
Saving to: âbastillion-jetty-v3.08_01.tar.gzâ
100%[======================================>] 19,016,060 232KB/s in 2m 20s
2019-11-11 19:57:27 (132 KB/s) - âbastillion-jetty-v3.08_01.tar.gzâ saved [19016060/19016060]
Extract TARball using tar command.
# tar xvf bastillion-jetty-v3.08_01.tar.gz
Move the extracted directory to /usr/lib directory.
# mv Bastillion-jetty/ /usr/lib/
Configure CentOS 7 Firewall for Bastillion:
Allow Bastillion default service port 8443/tcp in CentOS 7 firewall.
# firewall-cmd --permanent --add-port=8443/tcp success # firewall-cmd --reload success
Configuring Bastillion Service on CentOS 7:
Start Bastillion as follows.
# cd /usr/lib/Bastillion-jetty/ # ./startBastillion.sh 2019-11-11 20:02:52.788:INFO::main: Logging initialized @3947ms to org.eclipse.jetty.util.log.StdErrLog 2019-11-11 20:02:53.605:WARN:oejx.XmlConfiguration:main: Deprecated method public void org.eclipse.jetty.server.HttpConfiguration.setBlockingTimeout(long) in file:///root/Bastillion-jetty/jetty/etc/jetty.xml 2019-11-11 20:02:54.188:INFO::main: Console stderr/stdout captured to /root/Bastillion-jetty/jetty/logs/2019_11_11.jetty.log Please enter database password: Please confirm database password:
Since, we are starting Bastillion for the first time, therefore we have to set the database password here.
Press Ctrl+C to break the process. Because, we will start Bastillion as a service.
Configure Bastillion startup service on CentOS 7 as follows.
# cd # cp /usr/lib/Bastillion-jetty/jetty/bin/jetty.sh /etc/init.d/bastillion # echo JETTY_HOME=/usr/lib/Bastillion-jetty/jetty > /etc/default/bastillion # chkconfig --add bastillion # service bastillion start Starting Jetty: 2019-11-11 21:36:04.745:INFO::main: Logging initialized @1380ms to org.eclipse.jetty.util.log.StdErrLog 2019-11-11 21:36:05.184:WARN:oejx.XmlConfiguration:main: Deprecated method public void org.eclipse.jetty.server.HttpConfiguration.setBlockingTimeout(long) in file:///usr/lib/Bastillion-jetty/jetty/etc/jetty.xml 2019-11-11 21:36:05.400:INFO::main: Console stderr/stdout captured to /usr/lib/Bastillion-jetty/jetty/logs/2019_11_11.jetty.log . OK Mon Nov 11 21:36:11 PKT 2019
Accessing Bastillion Web Console:
Open URL https://bastillion.recipes.com:8443 in a web browser. Browser may displays a security warning because of the self-signed SSL certificate.
Ignore the warning and proceed to website.
Login to Bastillion Web UI using default username/password i.e. admin/changeme
After successful login, we are now at the next configuration page and here we are being asked to setup two-factor authentication for Android and iOS.
We are not required it now. therefore, we are skipping this step by clicking on Skip for now button.
Click on Systems.
Click on Add System to add a machine in Bastillion jump server.
Another dialog box will show up and asked for the password of the machine we are adding to Bastillion.
Provide the password and click on Submit.
Our machine has been added into Bastillion.
Click on Home to go back to main page.
Click on Users.
Click on Add User to add a new user in Bastillion.
Add a user as per the above screenshot.
Click on Home.
Click on Composite SSH Terms.
Select your machine and click on Create SSH Terminals.
System will ask you for the password.
Enter the password and click on Submit.
After successful authentication, an SSH terminal has been spawned for the machine.
We have successfully installed Bastillion jump server on CentOS 7.