bastionhost

A bastion host, also known as a jump server, is a hardened computer positioned at the edge of a network to serve as the controlled entry point for administrative access to systems inside a protected network. It is typically placed in a DMZ or public subnet and is minimized to reduce exposure.

Administrators connect to the bastion using secure protocols such as SSH or RDP, often with multi-factor authentication.

Key deployment considerations include strong hardening, regular updates, strict access controls, and comprehensive logging. Often a

In cloud environments, bastion functionality may be provided by dedicated services or by jump hosts within

A bastion host is not a firewall or VPN gateway; rather it is a controlled entry point