Master JumpServer: Complete Guide to Installing, Configuring, and Using a Bastion Host
This comprehensive guide explains what a bastion host is, why it’s needed, its core functions, and provides step‑by‑step instructions for downloading, installing, configuring, and operating JumpServer—including user and asset management, command filtering, audit tools, and email integration—so you can secure privileged access and simplify operations.
JumpServer Bastion Host
Introduction
JumpServer is an open‑source bastion host that centralizes and secures privileged access to servers, network devices, and other resources.
Reasons for a Bastion Host
Multiple users sharing a single account: security incidents are hard to trace and account usage cannot be controlled.
One user with many accounts: users must remember many credentials and switch between systems, reducing efficiency.
Difficulty managing permissions for ops staff: many systems and devices each have different permission models, leading to credential sprawl and potential leaks.
Hard to audit and trace operations: traditional workflows lack comprehensive logging of who did what and when.
Main Functions
Account management – create, modify, delete accounts.
Identity management – authenticate users before granting access.
Resource authorization – define which resources and actions each user may use.
Access control – enforce policies to prevent unauthorized access.
Operation audit – record logins, command execution, and other activities for security review.
Installation and Configuration
Official download address: https://docs.jumpserver.org/zh/master/about/download/
Step 1 – Change Hostname
[root@localhost ~]# hostnamectl set-hostname jumpserver
[root@localhost ~]# bash
Step 2 – Download Package
[root@jumpserver ~]# ls
anaconda-ks.cfg jumpserver-offline-installer-v3.5.0-amd64.tar.gz
Step 3 – Extract to /opt
[root@jumpserver ~]# tar -zxvf jumpserver-offline-installer-v3.5.0-amd64.tar.gz -C /opt/
[root@jumpserver ~]# cd /opt/
[root@jumpserver opt]# ls
jumpserver-offline-installer-v3.5.0-amd64
[root@jumpserver opt]# ln -s jumpserver-offline-installer-v3.5.0-amd64/ jumpserver
[root@jumpserver opt]# cd jumpserver
Step 4 – Run Installation Script
[root@jumpserver jumpserver]# ./jmsctl.sh install
... (installation output omitted for brevity) ...
1. Check configuration files
/config.txt [ √ ]
/nginx/cert/server.crt [ √ ]
/nginx/cert/server.key [ √ ]
Step 5 – Configure Docker (required dependencies)
Install Docker, enable IPv6 if needed, and start the service.
Step 6 – Load Docker Images
Load the provided images for Redis, MariaDB, core, koko, lion, magnus, chen, kael, and web.
Step 7 – Configure JumpServer
Set the secret key and bootstrap token, choose persistence directory, decide whether to use external MySQL/Redis, and configure external ports (e.g., web port 80, SSH port 2222).
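A pre-start check for the Step 7 values, added here as an example and not part of the JumpServer installer. The key names (SECRET_KEY, BOOTSTRAP_TOKEN, HTTP_PORT, SSH_PORT), the minimum lengths of 50 and 16, and the helper names are assumptions; verify them against the config.txt your installer version writes.

```shell
#!/usr/bin/env bash
# Added example: audit the Step 7 values in a JumpServer-style config file.
# Key names and minimum lengths are assumptions; check your installer's config.txt.

# Print the value of KEY ($2) from a KEY=VALUE file ($1); last assignment wins.
cfg_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Generate an N-character alphanumeric secret from the kernel CSPRNG.
gen_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Print one finding per problem; return 0 only when nothing was found.
audit_config() {
  local file=$1 findings=0 spec key min val
  for spec in SECRET_KEY:50 BOOTSTRAP_TOKEN:16; do
    key=${spec%%:*}; min=${spec#*:}
    val=$(cfg_get "$file" "$key")
    if [ "${#val}" -lt "$min" ]; then
      echo "WEAK $key: length ${#val}, want >= $min"; findings=$((findings + 1))
    fi
  done
  for key in HTTP_PORT SSH_PORT; do
    val=$(cfg_get "$file" "$key")
    case $val in
      ''|*[!0-9]*) echo "BAD $key: '$val' is not numeric"; findings=$((findings + 1)) ;;
      *) if [ "$val" -lt 1 ] || [ "$val" -gt 65535 ]; then
           echo "BAD $key: $val is out of range"; findings=$((findings + 1))
         fi ;;
    esac
  done
  # The file holds the secret key: group and other permission bits must be empty.
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "PERM $file: accessible to group or others"; findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Constructed sample: token too short, SSH port not a number.
demo() {
  local f; f=$(mktemp); chmod 600 "$f"
  printf 'SECRET_KEY=%s\nBOOTSTRAP_TOKEN=abc123\nHTTP_PORT=80\nSSH_PORT=ssh\n' \
    "$(gen_secret 50)" > "$f"
  audit_config "$f" || echo "fix the findings above before ./jmsctl.sh start"
  rm -f "$f"
}
demo
```

Point audit_config at the real configuration file once the installer has written it; a non-zero return means at least one finding was printed.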
Step 8 – Initialize Database
Run the initialization steps (details omitted).
Step 9 – Start JumpServer
[root@jumpserver jumpserver]# ./jmsctl.sh start
Access the web UI at http://192.168.200.10:80 (default user/password: admin/admin). Change the admin password immediately after the first login.
JumpServer Web Interface
User Management
==How to create a user?== Click User Management → User List → Create.
==How to create a user group?== Click User Management → User Groups (default "Default") → Create.
==How to log in with the new user?== Log out from the Administrator account, then log in with the newly created credentials.
Asset Management – Adding a Linux Host
Create a Linux VM (e.g., IP 192.168.200.20) and add it as an asset.
==How to add the host asset?== Asset Management → Asset List → Host → Create → select Linux and fill in the host details.
Account Management – Adding an Account
==How to add an account?== Account Management → Account List → Add → Submit.
Permission Management – Asset Authorization
==How to authorize assets?== Permission Management → Asset Authorization → Create → Submit.
Command Filtering
==How to add command filters?== Permission Management → Command Filtering → Command Group → Create → Submit.
Audit Console
==How to enter the audit console?== Click the Audit icon on the left sidebar.
The audit console shows login counts, dangerous command counts, online sessions, session recordings, command logs, and file transfer logs.
Email Configuration (QQ Mail Example)
Steps: log in to QQ Mail → Settings → Accounts → enable POP3/IMAP/SMTP services → copy the generated authorization code → in JumpServer System Settings → Mail Settings → paste the code and test the connection.
Final Remarks
After configuring email, you can create additional users, set passwords, and manage assets securely. JumpServer provides a unified dashboard for operations, access control, and comprehensive audit capabilities, making privileged access management easier and more auditable.
MaGe Linux Operations
