Configure Debian as a bastion host

Install a minimal Debian system

  • Download the ISO of your choice

  • Accept the default selections almost everywhere

  • Create the root and oper users

  • Configure the network

  • Reboot

  • Update the system

  • Install sudo

  • Install net-tools (ifconfig etc.)

  • Install vim and run update-alternatives --config editor

  • Make oper a sudoer

  • Use ssh-copy-id to copy your public key to the bastion host

  • Add a second network card

  • Configure the second card (IP etc.)

  • Install ufw

  • sudo ufw allow from /32 to any port 22

  • sudo ufw enable

  • On every host in the internal subnet: ufw allow from bastionhost/32 to any port 22

  • Configure the bastion host as a gateway

  • Create an RSA key pair for oper

  • vim .ssh/config

    Host *
        ServerAliveInterval 60
    Host internalhost
        User oper
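
The ufw steps above limit port 22 to a single source address, on the bastion host and on each internal host. As an added example (not part of the original notes), this shell function audits `ufw status` output and fails if ufw is inactive or any SSH rule admits another source; the address 203.0.113.10 and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): check `ufw status` text so that
# SSH is reachable only from one expected source address.
# Live use (assumption): sudo ufw status | audit_ssh_rules <allowed-address>
audit_ssh_rules() {
    awk -F'  +' -v want="$1" '
        /^Status:/ { active = ($0 ~ /^Status: active/) }
        $2 ~ /^(ALLOW|LIMIT)/ {              # rule rows carry an action in column 2
            to = $1; from = $3
            sub(/ \(v6\)$/, "", to)          # "22/tcp (v6)"  -> "22/tcp"
            n = split(to, part, " ")         # "10.0.0.5 22"  -> keep the port token
            to = part[n]
            sub(/\/(tcp|udp)$/, "", to)      # "22/tcp"       -> "22"
            sub(/ +$/, "", from)             # drop column padding
            sub(/\/32$/, "", from)           # a /32 and a bare address are the same host
            if (to != "22" && to != "OpenSSH") next
            seen++
            if (from != want) { bad++; print "too broad: " $1 " <- " from }
        }
        END {
            if (!active) { print "ufw is not active"; exit 2 }
            if (!seen)   { print "no SSH rule found"; exit 3 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample outputs; 203.0.113.10 is a documentation address.
sample_locked_down() { cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       203.0.113.10
EOF
}

sample_too_open() { cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       203.0.113.10
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

sample_locked_down | audit_ssh_rules 203.0.113.10 && echo "SSH limited to 203.0.113.10"
```

Exit status 0 means every SSH rule matches the expected source, 1 means at least one rule is broader, 2 means ufw is not active, and 3 means no SSH rule exists.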