Question 1

How to set up Bastillion with LDAP authentication?

Accepted Answer

Edit the jaas.conf file to define LDAP login modules and set jaasModule=ldap-ol in BastillionConfig.properties. This maps LDAP roles to Bastillion profiles, syncing users upon first login.

Question 2

Bastillion vs Teleport: which is better for SSH access?

Accepted Answer

Bastillion is a self-hosted, Java-based tool focused on web terminals and key management, ideal for simple bastion hosting. Teleport is Go-based, offers broader features like Kubernetes access, and is better for large-scale, cloud-native environments.

Question 3

Is Bastillion free to use in production?

Accepted Answer

It's available under the Prosperity Public License, which allows free use but may impose restrictions on commercial applications. Always review the license terms, as it's not a standard open-source license like MIT or Apache.

Question 4

How to enable auditing in Bastillion?

Accepted Answer

Uncomment the audit-appender and io.bastillion.manage.util.SystemAudit in log4j2.xml, then set enableInternalAudit=true in BastillionConfig.properties. Logs will capture session details and command execution for security compliance.

Question 5

Can Bastillion manage SSH keys for cloud instances?

Accepted Answer

Yes, it can distribute keys to any system with SSH access, including cloud servers. However, integration with cloud provider IAM or metadata services requires manual configuration, as it's not built-in.

Question 6

How to run Bastillion in daemon mode on Linux?

Accepted Answer

Use ./startBastillion.sh --daemon after setting JAVA_HOME, which runs it in the background with logs stored in jetty/logs/. This is useful for production deployments to keep the service running persistently.

KeyBox

What is KeyBox?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions