# Set Up a FABRIC Bastion Keypair

In order to minimize security incidents on FABRIC, access to VMs and other resources administered by users is controlled using a bastion host. You will need to set up an ssh keypair that will be used to jump through the bastion host to your VMs and other resources. This keypair is unique to you and is only used to set up ssh proxy connections through the bastion host to your FABRIC resources. 

The following notebook walks through creating and submitting a bastion keypair necessary to use FABRIC. More information about how to access your experiment through the bastion host can be found [here](https://learn.fabric-testbed.net/knowledge-base/logging-into-fabric-vms/).

## Step 1: Add your Bastion Key

Copy your bastion private key to your Jupyter container. Drag and drop your key from your local machine to the file browser in your Jupyter browser window. Note the name of your key and the location where you put it.

## Step 2: Set your Bastion Username and the Path to your Bastion Keys

Edit the following cell by entering your FABRIC bastion username and the correct path to the copy of your bastion private key in your Jupyter container.

- Your bastion username can be found on your [user profile page](https://portal.fabric-testbed.net/user) in the FABRIC portal (click "My SSH Keys").
- The path to your bastion key was determined when you copied it to the Jupyter container.

In [None]:
export FABRIC_BASTION_USERNAME=<INSERT_YOUR_FABRIC_USERNAME>
export FABRIC_BASTION_PRIVATE_KEY_LOCATION=${HOME}/work/fabric_bastion_key
export FABRIC_BASTION_PUBLIC_KEY_LOCATION=${HOME}/work/fabric_bastion_key.pub

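## Step 3: Set the Permissions on your Bastion Key

Your private bastion key must not have its permissions too open: ssh refuses to use a private key file that other users can read. Mode 600 limits the file to read and write by its owner.

In [None]:
chmod 600 "${FABRIC_BASTION_PRIVATE_KEY_LOCATION}"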

## Step 4: Create the SSH Config File

Using ssh to jump through the bastion host from a terminal command line requires your bastion private key to be automatically accessible by your ssh program. One way to do this is to add the following entry to your ~/.ssh/config file.


In [None]:
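export FABRIC_BASTION_SSH_CONFIG_FILE=${HOME}/.ssh/config

# Make sure ~/.ssh exists before writing into it
mkdir -p "${HOME}/.ssh"
# Note: the first '>' overwrites any existing config file; the following '>>' lines append to it
echo "Host bastion-*.fabric-testbed.net"                        >  "${FABRIC_BASTION_SSH_CONFIG_FILE}"
echo "     User ${FABRIC_BASTION_USERNAME}"                     >> "${FABRIC_BASTION_SSH_CONFIG_FILE}"
echo "     IdentityFile ${FABRIC_BASTION_PRIVATE_KEY_LOCATION}" >> "${FABRIC_BASTION_SSH_CONFIG_FILE}"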

## Step 5: Re-run this Notebook as Needed

The files you store in the ~/work directory of this Jupyter container are persistent and will be here whenever you log in. Files outside of this directory are not persistent and will be cleaned up when your Jupyter container is reloaded. Unfortunately, this includes the ssh config file created in Step 4. When this happens you will need to recreate the config file by re-running this notebook.
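
Because Steps 3 and 4 get re-run after every container reload, the following added example (not part of the original FABRIC notebook) combines them into one function that is safe to repeat: it tightens the key permissions, creates the config directory, and appends the bastion entry only when it is missing, so other `Host` entries survive. The function names `file_mode` and `write_bastion_config` are hypothetical; the variables are the ones exported in Step 2.

```shell
#!/usr/bin/env bash
# Added example: repeatable version of Steps 3-4 that keeps existing ssh config entries.

# Print a file's permission bits in octal (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# write_bastion_config CONFIG_FILE USERNAME PRIVATE_KEY  (hypothetical helper)
# Returns 0 on success, 1 if the username is empty or the key file is missing.
write_bastion_config() {
    local config="$1"
    local user="$2"
    local key="$3"
    local host_line="Host bastion-*.fabric-testbed.net"

    [ -n "$user" ] || { echo "bastion username is empty" >&2; return 1; }
    [ -f "$key" ]  || { echo "private key not found: $key" >&2; return 1; }

    # Step 3: ssh rejects a private key that group or others can access.
    case "$(file_mode "$key")" in
        600|400) ;;
        *) chmod 600 "$key" ;;
    esac

    # The directory holding the config must exist and be private to its owner.
    mkdir -p "$(dirname "$config")"
    chmod 700 "$(dirname "$config")"

    # Step 4: append the bastion entry only if it is not already present,
    # so a re-run neither duplicates it nor erases other Host entries.
    if ! grep -qxF "$host_line" "$config" 2>/dev/null; then
        {
            echo "$host_line"
            echo "     User $user"
            echo "     IdentityFile $key"
        } >> "$config"
    fi
    chmod 600 "$config"
}

# Runs only when the variables from Step 2 are set in this shell.
if [ -n "${FABRIC_BASTION_USERNAME:-}" ] && [ -n "${FABRIC_BASTION_PRIVATE_KEY_LOCATION:-}" ]; then
    write_bastion_config "${HOME}/.ssh/config" \
        "${FABRIC_BASTION_USERNAME}" "${FABRIC_BASTION_PRIVATE_KEY_LOCATION}"
fi
```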
