
21 Jump Server: Going Bastionless in the Cloud


    Title: 21 Jump Server: Going Bastionless in the Cloud

    If you are a customer of AWS, Azure, or GCP, you may have deployed your own bastion hosts to provide RDP or SSH access to your virtual machines. While bastions help to protect your infrastructure, there are challenges that come along with them, such as managing the identities, obtaining logs, and preventing SSH multiplexing attacks.

    In this talk, we will briefly review bastion hosts and some of their shortcomings, as well as the SSH multiplexing attack. The SSH multiplexing attack uses a feature of SSH to pivot from a compromised laptop to your bastion hosts. From there, the attacker could use this feature to compromise other users and gain access to your virtual machines hosted in the cloud.
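    The multiplexing feature the attack relies on is OpenSSH's connection sharing (ControlMaster, ControlPath and ControlPersist; the abstract above does not name the options). As an added example that is not part of the talk, the following auditor parses a client ssh_config and reports every Host entry whose master socket would stay reusable from a compromised laptop; the sample config and host names are constructed.

```python
import re
from typing import Dict

# Constructed sample ~/.ssh/config (not from the talk): the first host keeps a
# multiplexed master connection reusable for a day, the second disables it.
SAMPLE_SSH_CONFIG = """\
Host bastion-prod
    HostName bastion.example.internal
    ControlMaster auto
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlPersist 24h

Host bastion-dev
    ControlMaster no
"""

_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}  # ssh_config time suffixes


def persist_seconds(value: str) -> float:
    """Seconds an idle master socket stays reusable; 'yes' means indefinitely."""
    v = value.strip().lower()
    if v == "yes":
        return float("inf")
    if v == "no":
        return 0.0
    # ssh_config time values may be concatenated, e.g. "1h30m".
    return float(sum(int(n) * _UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", v)))


def parse_ssh_config(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal ssh_config parser: {host pattern: {lowercased option: value}}."""
    hosts: Dict[str, Dict[str, str]] = {}
    current = "*"  # options before the first Host line apply to every host
    for raw in text.splitlines():
        parts = re.split(r"\s*=\s*|\s+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) < 2:
            continue
        key, val = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = val
        else:
            hosts.setdefault(current, {})[key] = val
    return hosts


def multiplexing_findings(text: str) -> Dict[str, float]:
    """Hosts with ControlMaster on, mapped to how long their socket lingers (seconds)."""
    return {host: persist_seconds(opts.get("controlpersist", "no"))
            for host, opts in parse_ssh_config(text).items()
            if opts.get("controlmaster", "no").lower() in ("yes", "auto", "ask", "autoask")}
```

    Any host reported with a long or infinite lifetime is a candidate for `ControlMaster no` (or a short `ControlPersist`) until the bastion itself is retired in favour of the provider services discussed below.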

    Finally, we’ll show you services that provide access to your virtual machines in all three major cloud providers that eliminate the need for bastion hosts. Some providers have more than one alternative. However, this presentation will not present all of the alternatives. It is focused on the services that generally take the following approach:

      • Users authenticate to the access service with their Identity and Access Management (IAM) credentials for the cloud provider.
      • Once authenticated, the cloud service creates an encrypted tunnel with port forwarding, which runs SSH or RDP for the user.

    The benefits of this approach include:

      • Public IP addresses are not required in order to access the virtual machines.
      • It eliminates the possibility of compromising an entire organization with SSH multiplexing attacks.
      • In some cases, disabling a user’s IAM credentials also removes SSH or RDP access.
      • Cloud audit logs will capture metadata for RDP or SSH sessions, and in some cases, full session logs are easy to collect through the provider’s service.

    We’ll cover Session Manager in AWS, OS Login and Identity-Aware Proxy (IAP) in GCP, and the Bastion Service in Azure. You’ll see how the services work, how they help with identity management, and where to find the SSH sessions in logs.

    If you are migrating to any of these platforms, this could save you from having to go through the pain of deploying your own solutions!

    Speaker(s): Colin Estep

    Location: Cloud Vlg


    Event starts: 2020-08-08 12:30 (12:30 PM) PDT (UTC -07:00)

    Event ends: 2020-08-08 13:15 (01:15 PM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-08T05:42 (UTC).
    Last edited by aNullValue; August 7, 2020, 23:19.