Master JumpServer Bastion Host: Installation, Configuration, and Usage Guide
This comprehensive guide explains why a bastion host is needed, outlines JumpServer's core features, and provides step‑by‑step instructions for installing, configuring, managing users and assets, setting up command filtering, auditing sessions, and configuring email notifications.
JumpServer Bastion Host
Introduction
JumpServer is an open‑source bastion host that centralizes and secures access to servers, network devices, and other resources. It solves problems such as multiple users sharing a single account, users managing many credentials, and the difficulty of auditing privileged operations.
Reasons for a Bastion Host
Multiple users sharing one account: security incidents become hard to trace and account scope cannot be controlled.
One user with many accounts: remembering many passwords across systems reduces efficiency.
Complex permission management: large enterprises have diverse permission models, leading to credential leakage and gaps.
Lack of operation audit: traditional workflows cannot reliably record who did what and when.
Main Functions
Account management – create, modify, delete user accounts.
Identity management – authenticate users before granting access.
Resource authorization – define which resources and actions each user may use.
Access control – enforce policies to prevent unauthorized access.
Operation audit – record login, command execution, and other activities for security review.
Installation and Configuration
Download the official package from the JumpServer download page.
1. Modify the hostname
    hostnamectl set-hostname jumpserver
2. Download the installer package
    ls
    anaconda-ks.cfg jumpserver-offline-installer-v3.5.0-amd64.tar.gz
3. Extract to /opt/
    tar -zxvf jumpserver-offline-installer-v3.5.0-amd64.tar.gz -C /opt/
    cd /opt/
    ln -s jumpserver-offline-installer-v3.5.0-amd64/ jumpserver
    cd jumpserver
4. Run the installation script
    ./jmsctl.sh install
During installation the script checks configuration files, installs Docker, loads required images (Redis, MariaDB, core, koko, lion, magnus, chen, kael, web), and prompts for secret keys, persistence directory, MySQL/Redis usage, external ports, and database initialization.
5. Start JumpServer
    ./jmsctl.sh start
Web access: http://<host_ip>:80 (default user: admin, password: admin). SSH/SFTP access uses port 2222.
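Steps 2 and 3 unpack a downloaded archive as root into /opt/. The following is an added example, not part of the original article or of JumpServer's own tooling, that checks the archive's SHA-256 and its member paths before extracting. The function names are hypothetical, and the expected hash is an argument you supply from the publisher, since the article gives no checksum.

```shell
#!/bin/sh
# Added example: pre-extraction checks for a downloaded installer tarball.
# Function names are hypothetical; the expected hash must come from the publisher.

# check_sha256 FILE EXPECTED_HEX
# Returns 0 only if FILE's SHA-256 digest equals EXPECTED_HEX (case-insensitive).
check_sha256() {
    local file=$1 expected=$2 actual
    actual=$(sha256sum "$file" | awk '{print $1}') || return 2
    [ -n "$actual" ] && [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# check_members FILE
# Returns 0 only if every member path is relative, contains no ".." component,
# and all members sit under a single top-level directory.
check_members() {
    local file=$1 list
    list=$(tar -tzf "$file") || return 2
    # Absolute paths or parent-directory components could write outside the target.
    if printf '%s\n' "$list" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    # Count distinct first path components; exactly one is expected.
    [ "$(printf '%s\n' "$list" | sed 's|^\./||' | cut -d/ -f1 | sort -u | grep -c .)" -eq 1 ]
}

# safe_extract FILE EXPECTED_HEX DEST
# Extracts into DEST only after both checks pass. --no-same-owner keeps the
# extracted files owned by the extracting user instead of UIDs stored in the archive.
safe_extract() {
    check_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    check_members "$1"     || { echo "unexpected archive layout: $1" >&2; return 1; }
    tar --no-same-owner -zxf "$1" -C "$3"
}

# Usage (hash shown as a placeholder):
#   safe_extract jumpserver-offline-installer-v3.5.0-amd64.tar.gz <published-sha256> /opt/
```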
Web Interface
User Management
To create a user: go to User Management → User List → Create.
Asset Management
Add Linux Host
Create a Linux VM (e.g., IP 192.168.200.20) and add it as an asset.
IP: 192.168.200.20
To add the host: Asset Management → Asset List → Host → Create → select Linux and fill in the details.
Command Filtering
To add a command filter: Permission Management → Command Filtering → Command Group → Create → Submit.
Audit Console
Enter the audit console via the dashboard to view login counts, risky command statistics, online sessions, and session recordings.
Email Configuration
Configure a QQ mailbox for notifications.
Log in to QQ mail.
Open Settings → Accounts.
Enable POP3/IMAP/SMTP services; note the generated authorization code.
In JumpServer, go to System Settings → Mail Settings, fill in the server, port, user, and authorization code, then test the connection.
After configuring, you can create users, set passwords, and manage assets securely through the JumpServer web UI.
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
