Quick Links & Suggestions
Press Enter to search site, Esc to exit
↑↓ Navigate

What is a bastion host (jump server) and what are the modern alternatives?

Medium Topic: System Design May 24, 2026

A bastion host is a dedicated, hardened server in a public subnet used as the only entry point for SSH/RDP into private subnet resources. All access is logged and audited.

Modern, better alternatives:

  • AWS Systems Manager Session Manager: SSH into EC2 over HTTPS through the AWS API. No open port 22 required. All sessions logged to CloudWatch/S3. IAM-controlled access.
  • Teleport: Open-source access platform with MFA, session recording, and role-based access for SSH, Kubernetes, databases, and web applications.
  • Tailscale / WireGuard: Zero-config VPN mesh that avoids exposing any servers publicly.
← Previous How do you implement secrets rotation without downtime? Next → What is multi-factor authentication (MFA) and why should...

Practice Similar Questions

What is the difference between authentication and authorization?
Easy
How do you implement security scanning in a GitHub Actions...
Hard
What is Zero Trust Architecture and how does it apply...
Medium
Back to System Design Topics