SSH Port-forwarding to access Kyvos Manager
Applies to: Kyvos Enterprise Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace
Kyvos Azure Marketplace Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)
This section explains how to connect with AWS-managed services EC2 instances and create tunnels to access Kyvos Manager from Bastion Hosts. With the help of a Bastion host, the user can access Kyvos Manager.
Prerequisites
To access the Bastion hosts user needs to install the following software:
Required Software to be Installed
Software Name | OS | Description |
---|---|---|
Putty | Windows/Mac | Putty is used to make connections & tunnels between AWS Managed service instances. |
PuttyGen | Windows/Mac | To create a Private key to get authorized access on the AWS Managed service instance (Bastion Host) |
The DevOps Team will provide the PEM key to the user to access AWS-managed services instances. Using this key, the user can log into Bastion Host and get access to Kyvos Manager by creating an SSH Port forwarding tunnel between Bastion Host and Kyvos Manager host.
Private Key
Private Key is used to both encrypt and decrypt the data and is shared between the source and destination of encrypted data.
The DevOps Team will provide the PEM key to the user. The user must convert the PEM key in PPK format to log into the Bastion host and Kyvos Manager portal.
Steps to convert the PEM key to PPK format using PuttyGen:
Open PuttyGen software.
Click the Load to select the downloaded PEM key.
From the Parameters area, select the RSA option from the Type of key to generate, and click the Generate button.
The Key is generated and displayed, as shown in the following figure.
Click the Save private key button, and save it with a suitable name on your computer network.
Connections & Tunneling
SSH port forwarding, or TCP/IP connection tunneling, is a process whereby a TCP/IP connection that would otherwise be insecure is tunneled through a secure SSH link, thus protecting the tunneled connection from network attacks. Port forwarding can be used to establish a form of a virtual private network (VPN).
The tunneling is required to get access to the Kyvos Manager portal from your local system.
For this, there is a need to make the connection for the Bastion host and create tunnels to access Kyvos Manager from it.
Example: Bastion Host Public IP: 3.84.27.10
Note: DevOps Team will provide the Bastion Host Public IP and Kyvos Manager Private IP
Steps to make the Connection and Tunnel:
Open Putty software.
Specify the Bastion host Public IP (e.g. 3.84.27.10)
Go to SSH > Auth > Browse the generated Private key.
Go to SSH > Auth > Tunnels. You must have the Kyvos manager Private IP.
Now, enter the source Port (default/customized).
In the Destination, specify the Kyvos Manager IP and its Port.
Example: <Destination IP>:<Port>Click to Add to save the details of the source port and destination.
Go back to the session and save it.
To log into the Bastion host and click Open.
Enter user: ec2-user.You can now access Kyvos Manager portal on your local system’s browser using any of the following URLs:
http://127.0.0.1:8080/kyvosmanager/ Or http://localhost:8080/kyvosmanager/
References:
https://www.youtube.com/watch?v=wnpRcjspk_M
Copyright Kyvos, Inc. All rights reserved.