# Setup a FABRIC Bastion Keypair

In order to minimize security incidents on FABRIC, access to VMs and other resources administered by users is controlled by a bastion host. You will need to set up an ssh keypair that will be used to jump through the bastion host to your VMs and other resources. This keypair is unique to you and is only used to set up ssh proxy connections through the bastion host to your FABRIC resources. These proxies only setup secure paths through the bastion hosts. The paths are completed using additional ssh keys that are specified in the slice request and installed in the VMs.

The following notebook walks through creating and submitting a bastion keypair necessary to use FABRIC. More information about how to access your experiment throught the bastion host can be found [here](https://learn.fabric-testbed.net/knowledge-base/logging-into-fabric-vms/).

## Configure Environment

In [None]:
export FABRIC_SSH_DIR=${HOME}/work/.ssh
mkdir -p $FABRIC_SSH_DIR

export FABRIC_BASTION_USERNAME=<INSERT_YOUR_FABRIC_USERNAME>
export FABRIC_BASTION_PRIVATE_KEY_LOCATION=${FABRIC_SSH_DIR}/id_rsa_fabric
export FABRIC_BASTION_PUBLIC_KEY_LOCATION=${FABRIC_BASTION_PRIVATE_KEY_LOCATION}.pub

export FABRIC_BASTION_SSH_CONFIG_FILE=${FABRIC_SSH_DIR}/config

## Create the Bastion Host Keypair

In [None]:
mkdir -p $FABRIC_SSH_DIR

ssh-keygen -t rsa -f ${FABRIC_BASTION_PRIVATE_KEY_LOCATION} -N ""
ssh-keygen -p -m PEM -f ${FABRIC_BASTION_PRIVATE_KEY_LOCATION} -N ""

## Create the SSH Config File

In [None]:
echo "Host bastion-*.fabric-testbed.net" >> ${FABRIC_BASTION_SSH_CONFIG_FILE}
echo "     User ${FABRIC_BASTION_USERNAME}" >> ${FABRIC_BASTION_SSH_CONFIG_FILE}
echo "     IdentityFile ${FABRIC_BASTION_PRIVATE_KEY_LOCATION}" >> ${FABRIC_BASTION_SSH_CONFIG_FILE}

## Submit the Public Key to FABRIC

<div class="alert alert-block alert-info">
<b>Note:</b> Currently this step is a manual process. It will be automated in the near future.
</div>

Create new topic on the [FABRIC Account Issues Forum](https://learn.fabric-testbed.net/forums/forum/fabric-account-issues/). In the message, include the public key printed by the following cell. 

Once we create your bastion account we will reply to you forum post with your assigned bastion username.

In [None]:
cat $FABRIC_BASTION_PUBLIC_KEY_LOCATION