% Bastion

# Installation

Installation en cours: Devuan

```bash
ssh bastion
```

## TODO

- [ ] [linux - Limit SSH access to specific clients by IP address - Unix & Linux Stack Exchange](https://unix.stackexchange.com/questions/406245/limit-ssh-access-to-specific-clients-by-ip-address)
- [ ] [Using iptables to prevent SSH brute force attacks and DDOS attacks](https://serverfault.com/questions/847755/using-iptables-to-prevent-ssh-brute-force-attacks-and-ddos-attacks)
  - [ ] [How to Block Brute-Force Attacks on SSH: Step by Step guide](https://codenotary.com/blog/how-to-block-brute-force-attacks-on-ssh)
- [ ] [https://goteleport.com/blog/ssh-bastion-host/](https://goteleport.com/blog/ssh-bastion-host/)
- [ ] [https://goteleport.com/blog/security-hardening-ssh-bastion-best-practices/](https://goteleport.com/blog/security-hardening-ssh-bastion-best-practices/)
- [ ] [https://goteleport.com/blog/ssh-key-management/](https://goteleport.com/blog/ssh-key-management/)
  - [ ] [14.3. Using OpenSSH Certificate Authentication | Deployment Guide | Red Hat Enterprise Linux | 6 | Red Hat Documentation](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/deployment_guide/sec-using_openssh_certificate_authentication#sec-Introduction_to_SSH_Certificates)

### Sécurisation (ajouts possibles)

* [Sécurisation d'un serveur Linux sous debian - HackMD](https://hackmd.io/@Ben-Rahiti-Romain/SkciYWMWj)
* [Hardening - Debian Wiki](https://wiki.debian.org/Hardening)
* [Welcome to The Bastion documentation! — The Bastion 3.20.00 documentation](https://ovh.github.io/the-bastion/index.html)

# Webographie

* [(1) Option for double bastion Terraform setup? | Proxmox Support Forum](https://forum.proxmox.com/threads/option-for-double-bastion-terraform-setup.94418/)
* [(1) Best practices for having a SSH jumphost | Proxmox Support Forum](https://forum.proxmox.com/threads/best-practices-for-having-a-ssh-jumphost.112357/)
* [What is an SSH Bastion? | SSH Bastion host setup](https://goteleport.com/blog/ssh-bastion-host/)
* [ssh - SSHFS over a jumphost - Server Fault](https://serverfault.com/questions/941934/sshfs-over-a-jumphost)

## Certificats

- [How to use Let's Encrypt with an SSH Bastion](https://goteleport.com/blog/letsencrypt-teleport-ssh/)


## Autres solutions

[Comment configurer un serveur Bastion avec Warpgate sur Debian](https://fr.linux-console.net/?p=30725)