This is an optional offering. Once deployed, users are responsible for its maintenance and updates. Feel free to ask for feedback in the #peer-support channel on EWC RocketChat.
The SSH proxy or SSH bastion is the barrier between your internal machines (without public or floating IPs) and the public internet. With the SSH proxy, you'll have an extra layer of security on top of your VMs. It's equipped with fail2ban, automatic security updates and more.
How to provision the SSH Proxy
Tenants onboarded to the EUMETSAT site prior to October 2025 support EWC-managed Deployment, as described below. For tenancies onboarded afterwards, you may deploy via the corresponding Community Hub Item on any of the available sites.
EWC-managed Deployment (EUMETSAT Tenants onboard prior to October 2025)
- Go to Provisioning → click Add Button
- Select SSH BASTION
- Fill information for the machine and finalize provisioning
- plan: A eo1.medium (EUMETSAT) or 2cpu-4gbmem-30gbdisk (ECMWF) should suffice.
- network: Select the private network for the tenancy.
- security-groups: ssh.
- public IP: select one available or use external.
Self-Service Deployment
Checkout the Community Hub Item.