Bastion Container Creation #14

Merged
merged 25 commits into from
Aug 15, 2024
@amandayclee amandayclee commented Jul 20, 2024

Fixes

Description

Create a bastion Dockerfile as a jump server

Technical details

The bastion Dockerfile includes:

  • Installation of necessary packages such as openssh-client and openssh-server.
  • Configuration of SSH settings to enhance security, including disabling root login and enabling public key authentication.
  • Creation of a sysadmin user with appropriate SSH key setup.
  • Exposure of the necessary SSH port.

Tests

  1. From your localhost, run docker-compose up to start the container.
  2. From your localhost, run ssh-add ./sysadmin-ssh-keys/rsa_sysadmin
  3. From your localhost, run ssh -J sysadmin@localhost:22222 sysadmin@web-dev and ssh -J sysadmin@localhost:22222 sysadmin@ansible-dev to verify the connection through the bastion server. The connection should be successful.

Screenshots

Checklist

  • My pull request has a descriptive title (not a vague title like Update index.md).
  • My pull request targets the default branch of the repository (main or master).
  • My commit messages follow best practices.
  • My code follows the established code style of the repository.
  • I added or updated tests for the changes I made (if applicable).
  • I added or updated documentation (if applicable).
  • I tried running the project locally and verified that there are no
    visible errors.

Developer Certificate of Origin

For the purposes of this DCO, "license" is equivalent to "license or public domain dedication," and "open source license" is equivalent to "open content license or public domain dedication."

Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

@amandayclee amandayclee requested a review from a team as a code owner July 20, 2024 23:27
@amandayclee amandayclee requested review from TimidRobot, annatuma, Shafiya-Heena and possumbilities and removed request for a team and annatuma July 20, 2024 23:27
@amandayclee amandayclee self-assigned this Jul 23, 2024
@amandayclee

I updated the testing instructions. Now you should no longer see the public key denied error.

@@ -56,5 +56,5 @@ ENV ANSIBLE_CONFIG=/etc/ansible/ansible.cfg
EXPOSE 22

# Start SSH service
CMD ["/usr/sbin/sshd", "-D"]
ENTRYPOINT ["/bin/sh", "-c", "ansible-playbook site.yml && /usr/sbin/sshd -D"]
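
Review bot: the `ENTRYPOINT` line chains `ansible-playbook site.yml && /usr/sbin/sshd -D` under `/bin/sh -c`, so sshd starts only when the playbook exits 0, and it then runs as a child of the shell instead of as the container's main process. A failed playbook run therefore leaves the container with no SSH service at all, and stop signals reach the shell before sshd. Keep the exec-form `CMD ["/usr/sbin/sshd", "-D"]` and apply the playbook outside container start; if the chain has to stay, end it with `exec /usr/sbin/sshd -D` so sshd replaces the shell.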
Member

Please revert this change as we use Ansible for configuration instead of Docker.

IdentityFile /home/sysadmin/.ssh/id_rsa
ForwardAgent yes

Host db-dev
Member

please remove db details as we are not managing it

- Host db-dev
- HostName db-dev
- User sysadmin
- identityFile /home/sysadmin/.ssh/id_rsa
- ForwardAgent yes
+                      

HostName ansible-dev
User sysadmin
IdentityFile /home/sysadmin/.ssh/id_rsa
ForwardAgent yes
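
Review bot: `ForwardAgent yes` in the block with `HostName ansible-dev` makes the connecting user's agent socket available on the remote host for the life of the session, so anyone with root on that host can authenticate as `sysadmin` elsewhere with the forwarded keys. Reaching the targets through the bastion does not need it: `ProxyJump` keeps the key on the client and only tunnels the connection. Drop `ForwardAgent yes` from this entry.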
Member

I believe we decided to use ProxyJump, so this needs to be updated accordingly.
something like this

+ Host ansible-dev
+    HostName ansible-dev
+    User sysadmin
+    IdentityFile /home/sysadmin/.ssh/id_rsa
+    ProxyJump bastion

+ Host web-dev
+    HostName web-dev
+    User sysadmin
+    IdentityFile /home/sysadmin/.ssh/id_rsa
+    ProxyJump bastion


+ Host bastion
+    HostName bastion-dev
+    User sysadmin
+    IdentityFile /home/sysadmin/.ssh/id_rsa
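
A lint for the client config discussed in this review, added here as an example and not code from the pull request: it resolves each host's effective options with ssh's first-value-wins rule, then flags agent forwarding and targets that do not `ProxyJump` through the bastion alias. The function names and finding labels are hypothetical, `SUGGESTED` is the reviewer's config trimmed to the options checked, `BEFORE` is constructed from the fragments visible in the diff, and negated (`!`) patterns are not handled.

```python
import fnmatch
import re

# Reviewer's suggested config from the thread, trimmed to the options checked here.
SUGGESTED = """\
Host ansible-dev
    ProxyJump bastion
Host web-dev
    ProxyJump bastion
Host bastion
    HostName bastion-dev
"""
# Constructed "before" entry, built from the fragments visible in the diff.
BEFORE = """\
Host ansible-dev
    ForwardAgent yes
"""

def parse_blocks(text):
    blocks = [(["*"], [])]  # options before the first Host line apply to every host
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.*\S)", line)
        if not m:
            continue  # blank line, comment, or keyword without a value
        key, value = m.group(1).lower(), m.group(2)  # keywords are case-insensitive
        if key == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key, value))
    return blocks

def effective(blocks, alias):
    opts = {}
    for patterns, pairs in blocks:
        if any(fnmatch.fnmatchcase(alias, p) for p in patterns):
            for key, value in pairs:
                opts.setdefault(key, value)  # ssh keeps the first value obtained
    return opts

def lint(text, bastion="bastion"):
    blocks = parse_blocks(text)
    aliases = dict.fromkeys(p for pats, _ in blocks for p in pats if not set(p) & set("*?!"))
    findings = []
    for alias in aliases:
        opts = effective(blocks, alias)
        if opts.get("forwardagent", "no").lower() != "no":
            findings.append((alias, "ForwardAgent enabled"))
        if alias != bastion and opts.get("proxyjump") != bastion:
            findings.append((alias, "no ProxyJump via bastion"))
    return findings
```

Because the first value wins, a `Host *` block with `ForwardAgent no` placed after a host entry does not switch forwarding off for that host; the same block placed before it does.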

Member

@Shafiya-Heena Shafiya-Heena left a comment

Looks good to me, Approved!! ❤️

@Shafiya-Heena Shafiya-Heena merged commit 164a0c3 into main Aug 15, 2024
@Shafiya-Heena Shafiya-Heena deleted the bastion branch August 15, 2024 16:00
Successfully merging this pull request may close these issues.

Create Bastion Host Docker Container