Security of bastion hosts

Since the user will be logging in through a bastion host, it is assumed that bastion is able to connect to all the instances within your network. Due to this, securing a bastion host is necessary. Here are some general guidelines for the same:

• All unnecessary packages should be removed from the bastion server.
• Proper server hardening should be applied to bastion hosts.
• Always use agent forwarding. A private key should never be stored in a bastion host.