
How to install Bastillion on CentOS 7

Discover how to install Bastillion on CentOS 7 with our step-by-step guide. Securely manage and control your SSH infrastructure with ease.

What is Bastillion?

Bastillion Jump Server is a web-based SSH key management and terminal solution that acts as a secure jump host (bastion server) for managing remote server access. It provides a centralized platform for handling SSH sessions, enforcing access controls, and enhancing security by restricting direct SSH connections to critical systems.

Key Features of Bastillion Jump Server

Bastillion is particularly useful for organizations that need to manage multiple remote servers securely while ensuring auditability and controlled access.

In this article, we will install Bastillion Jump Server on CentOS 7. Bastillion is a fork of Keybox, and the same steps can be used to install Keybox on CentOS 7.


Bastillion Features

Core features of Bastillion are.


Linux Server Specification

For this tutorial, we have provisioned a virtual machine running CentOS 7 with a minimal installation. This setup provides a lightweight, secure, and efficient environment by including only the essential system components.

This clean and well-optimized setup serves as the ideal foundation for deploying and configuring Bastillion, ensuring a smooth installation process without unnecessary resource consumption.

Install Java on CentOS 7

Bastillion is a Java-based web application that serves as a secure SSH key management and remote access tool. To function properly, it requires OpenJDK or Oracle JDK version 1.9 or later to provide the necessary Java runtime environment.

Oracle JDK 1.9 is not available in the default CentOS repositories, so it must be manually downloaded from the Oracle website. Since Oracle requires users to log in with an Oracle account before downloading, you need to create or sign in to an Oracle User Account to access the JDK files.

Once logged in, navigate to the Oracle JDK 1.9 download section, select the RPM package, and download it to your local machine.

After downloading the Oracle JDK RPM package, you need to transfer it to your Bastillion server (bastillion-01.recipes.com). You can use WinSCP, scp command, or any other secure file transfer method to copy the file from your local machine to the server.

Once the JDK package is transferred, connect to the Bastillion server via SSH as the root user. From there, you can proceed with the installation of Oracle JDK 1.9 using the rpm package manager, ensuring that the Java runtime is properly set up for Bastillion to function smoothly.

# rpm -ivh jdk-9.0.4_linux-x64_bin.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:jdk-9.0.4-2000:9.0.4-ga          ################################# [100%]
Unpacking JAR files...
        plugin.jar...
        javaws.jar...
        deploy.jar...

Set the JAVA_HOME environment variable.

# echo "export JAVA_HOME=/usr/java/jdk-9.0.4/" >> /etc/profile

Verify Java installation.

# java -version
java version "9.0.4"
Java(TM) SE Runtime Environment (build 9.0.4+11)
Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode)

Oracle JDK 9 has been installed on CentOS 7.

Install Bastillion on CentOS 7

Bastillion is an open-source web-based SSH management application that provides a centralized platform for secure remote access and key management. It is actively maintained and available for download on GitHub.

To install Bastillion, we need to download the Bastillion-Jetty package, which includes the application bundled with the Jetty web server. Jetty is a lightweight, high-performance Java web server that allows Bastillion to run without requiring additional configurations for an external web server.

For convenience and automation, we can use the wget command to fetch the Bastillion-Jetty release package directly from its official GitHub repository, which avoids a manual download. The command below pulls release v3.08.01.

# wget https://github.com/bastillion-io/Bastillion/releases/download/v3.08.01/bastillion-jetty-v3.08_01.tar.gz
--2019-11-11 19:55:05--  https://github-production-release-asset-2e65be.s3.amazonaws.com/8083731/0aaf9e00-de42-11e9-9c7b-f1077b02ff54?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20191111%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20191111T145505Z&X-Amz-Expires=300&X-Amz-Signature=f5a6cbd0b455305d4e316f242e4f5e18562ebb38ce81d6543b17ac5ec7fab9bf&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dbastillion-jetty-v3.08_01.tar.gz&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.99.83
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.99.83|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 19016060 (18M) [application/octet-stream]
Saving to: ‘bastillion-jetty-v3.08_01.tar.gz’

100%[======================================>] 19,016,060   232KB/s   in 2m 20s

2019-11-11 19:57:27 (132 KB/s) - ‘bastillion-jetty-v3.08_01.tar.gz’ saved [19016060/19016060]

Extract the tarball with the tar command to install the Bastillion jump server.

# tar xvf bastillion-jetty-v3.08_01.tar.gz

Move the extracted directory to the /usr/lib directory.

# mv Bastillion-jetty/ /usr/lib/

Configure Linux Firewall for Bastillion

By default, Bastillion operates on port 8443/tcp, which is used for secure web-based SSH management. To ensure that users can access the Bastillion web interface from a remote machine, we need to allow incoming traffic on port 8443 through the CentOS 7 firewall.

CentOS 7 uses firewalld as its default firewall management tool, which helps control network traffic and enforce security policies. To allow Bastillion’s default service port (8443/tcp), we must add a firewall rule to permit traffic on this port and then reload the firewall to apply the changes.

This step is essential to prevent connectivity issues and ensure that the Bastillion web application is accessible over a network. If the port is blocked, users will not be able to reach the Bastillion login page, and remote SSH key management functionality will be restricted.

# firewall-cmd --permanent --add-port=8443/tcp
success
# firewall-cmd --reload
success
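
The rule above opens 8443/tcp to every source address. As an added example (not part of the original tutorial), the script below prints the firewalld commands that replace it with a rich rule admitting one management subnet only; the subnet 192.0.2.0/24 in the usage comment and the function names are assumptions.

```shell
#!/bin/sh
# Added example: limit Bastillion's 8443/tcp to one management subnet.
# Function names and the sample subnet are assumptions, not from the tutorial.

# valid_cidr CIDR -> 0 if CIDR is a well-formed IPv4 network with a
# prefix length of 1..32, 1 otherwise (/0 would re-open the port to all).
valid_cidr() {
    ip=${1%/*}; len=${1#*/}
    case $1 in */*) ;; *) return 1 ;; esac
    case $ip in *[!0-9.]*|''|.*|*.|*..*) return 1 ;; esac
    case $len in *[!0-9]*|'') return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    # Split the address on dots: exactly four octets, each 0..255.
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# restrict_cmds CIDR -> prints the firewall-cmd sequence; nothing is executed.
# All changes are --permanent, so nothing takes effect until the final reload.
restrict_cmds() {
    valid_cidr "$1" || { echo "invalid or too-broad CIDR: $1" >&2; return 1; }
    cat <<EOF
firewall-cmd --permanent --remove-port=8443/tcp
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="$1" port port="8443" protocol="tcp" accept'
firewall-cmd --reload
EOF
}

# Review the output first, then pipe it to sh as root to apply it:
#   sh restrict-8443.sh --print 192.0.2.0/24
if [ "${1:-}" = "--print" ]; then
    restrict_cmds "${2:-}"
fi
```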

Configure Bastillion Service

Start Bastillion as follows.

# cd /usr/lib/Bastillion-jetty/
# ./startBastillion.sh
2019-11-11 20:02:52.788:INFO::main: Logging initialized @3947ms to org.eclipse.jetty.util.log.StdErrLog
2019-11-11 20:02:53.605:WARN:oejx.XmlConfiguration:main: Deprecated method public void org.eclipse.jetty.server.HttpConfiguration.setBlockingTimeout(long) in file:///root/Bastillion-jetty/jetty/etc/jetty.xml
2019-11-11 20:02:54.188:INFO::main: Console stderr/stdout captured to /root/Bastillion-jetty/jetty/logs/2019_11_11.jetty.log
Please enter database password:
Please confirm database password:

Since we are starting Bastillion for the first time, we have to set the database password here.

Press Ctrl+C to stop the process, because we will start Bastillion as a service.

Configure Bastillion startup service on CentOS 7 as follows.

# cd
# cp /usr/lib/Bastillion-jetty/jetty/bin/jetty.sh /etc/init.d/bastillion
# echo JETTY_HOME=/usr/lib/Bastillion-jetty/jetty > /etc/default/bastillion
# chkconfig --add bastillion
# service bastillion start
Starting Jetty: 2019-11-11 21:36:04.745:INFO::main: Logging initialized @1380ms to org.eclipse.jetty.util.log.StdErrLog
2019-11-11 21:36:05.184:WARN:oejx.XmlConfiguration:main: Deprecated method public void org.eclipse.jetty.server.HttpConfiguration.setBlockingTimeout(long) in file:///usr/lib/Bastillion-jetty/jetty/etc/jetty.xml
2019-11-11 21:36:05.400:INFO::main: Console stderr/stdout captured to /usr/lib/Bastillion-jetty/jetty/logs/2019_11_11.jetty.log
. OK Mon Nov 11 21:36:11 PKT 2019
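
The defaults file written above sets only JETTY_HOME, and the init script is started by root, so Jetty keeps root's account. As an added example (not part of the original tutorial), the script below audits that layout: it checks the defaults file for a non-root JETTY_USER, a variable jetty.sh honours, and lists anything in the install tree that group or others can write. The function names and the sample account bastillion are assumptions.

```shell
#!/bin/sh
# Added example: audit the service layout created by the steps above.
# Function names and the sample account "bastillion" are assumptions.

# jetty_user FILE -> prints the last JETTY_USER assignment in FILE, or nothing.
jetty_user() {
    sed -n -e 's/^[[:space:]]*export[[:space:]]*//' \
           -e 's/^[[:space:]]*JETTY_USER=\([^[:space:]#]*\).*/\1/p' "$1" |
        tail -n 1 | tr -d "\"'"
}

# check_service_user FILE -> 0 only if jetty.sh is told to use a non-root account.
check_service_user() {
    user=$(jetty_user "$1")
    case $user in
        '')     echo "FAIL: JETTY_USER not set in $1 (root under init)"; return 1 ;;
        root|0) echo "FAIL: JETTY_USER=$user in $1"; return 1 ;;
        *)      echo "OK: Jetty runs as $user"; return 0 ;;
    esac
}

# loose_files DIR -> lists entries under DIR that group or others can write.
# Symlinks are skipped because their own mode bits carry no meaning.
loose_files() {
    find "$1" ! -type l \( -perm -0020 -o -perm -0002 \) -print
}

# audit DEFAULTS_FILE INSTALL_DIR -> 0 if both checks pass, 1 otherwise.
audit() {
    rc=0
    check_service_user "$1" || rc=1
    loose=$(loose_files "$2")
    if [ -n "$loose" ]; then
        echo "FAIL: writable by group/other under $2:"; echo "$loose"; rc=1
    fi
    return $rc
}

# Paths are the ones used in the tutorial; run as: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit /etc/default/bastillion /usr/lib/Bastillion-jetty
fi
```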

Access Bastillion Web Console

Open the URL https://bastillion.recipes.com:8443 in a web browser. The browser may display a security warning because of the self-signed SSL certificate.

Ignore the warning and proceed to the website.

Bastillion Login

Log in to the Bastillion web UI using the default username/password, i.e. admin/changeme.

Bastillion Default Credentials

After a successful login, we arrive at the next configuration page, where we are asked to set up two-factor authentication for Android and iOS.

Configure Bastillion Two Factor Authentication

We do not need it now, so we skip this step by clicking the Skip for now button.

Bastillion Dashboard

Click on Systems.

Bastillion – Manage Systems

Click on Add System to add a machine to the Bastillion jump server.

Bastillion Server – Add System

Another dialog box will show up and ask for the password of the machine we are adding to Bastillion.

Provide the password and click on Submit.

Bastillion – Add system – Enter Password

Our machine has been added to Bastillion.

Bastillion Server – System Added

Click on Home to go back to the main page.

Bastillion Dashboard 2

Click on Users.

Bastillion – Manage Users

Click on Add User to add a new user to Bastillion.

Bastillion – Add User

Add a user as per the above screenshot.

Bastillion – User Added

Click on Home.

Bastillion Dashboard 3

Click on Composite SSH Terms.

Bastillion – Composite SSH Terminals

Select your machine and click on Create SSH Terminals.

Bastillion – Enter Password for Linux System

The system will ask you for the password.

Enter the password and click on Submit.

Bastillion – SSH Shell

After successful authentication, an SSH terminal has been spawned for the machine.

Final Thoughts

Installing Bastillion on CentOS 7 is a great way to securely manage and control your SSH infrastructure. With the right steps, you can set up Bastillion to enhance the security and efficiency of your SSH management. Whether you’re an IT administrator or a security professional, mastering Bastillion will greatly improve your system’s security posture.


FAQs

1. What is Bastillion, and why is it used?
Bastillion is an open-source web-based SSH key management and terminal solution designed for centralized administration of SSH connections, enhancing security and access control.

2. What are the prerequisites for installing Bastillion on CentOS 7?
To install Bastillion, you need Java (OpenJDK or Oracle JDK), Apache Tomcat or Jetty, PostgreSQL or MySQL (optional for database storage), and essential system dependencies.

3. How do I access the Bastillion web interface after installation?
Once installed, you can access Bastillion through a web browser by entering your server’s IP address or domain name, followed by the configured Bastillion port (default: 8443).

4. Does Bastillion support multi-user access and role-based authentication?
Yes, Bastillion provides role-based access control (RBAC), allowing multiple users to securely access and manage SSH sessions while enforcing least privilege security policies.

5. How can I ensure Bastillion runs smoothly on CentOS 7?
To keep Bastillion stable, ensure that Java and Tomcat services are running, apply security patches regularly, monitor resource usage, and configure SSL certificates for encrypted access.
