A company recently deployed a new application that runs on a group of Amazon EC2 Linux instances in a VPC. In a peered VPC, the company launched an EC2 Linux instance that serves as a bastion host. The security group of the application instances allows access only on TCP port 22 from the private IP of the bastion host. The security group of the bastion host allows access to TCP port 22 from 0.0.0.0/0 so that system administrators can use SSH to remotely log in to the application instances from several branch offices.
While looking through operating system logs on the bastion host, a cloud engineer notices thousands of failed SSH logins to the bastion host from locations around the world. The cloud engineer wants to change how remote access is granted to the application instances and wants to meet the following requirements:
✑ Eliminate brute-force SSH login attempts.
✑ Retain a log of commands run during an SSH session.
✑ Retain the ability to forward ports.
Which solution meets these requirements for remote access to the application instances?