Skip to main content

Bastion (SSH Access)

The Bastion container provides secure SSH access into your project's internal network. It runs inside your project's namespace and gives you private access to internal services like Volumes, MySQL, PostgreSQL, and Redis.

Use it when you want to:

  • Browse and manage volume files at /volumes/{name}
  • Import or export MySQL or PostgreSQL databases (e.g. using mysqldump or pg_dump)
  • Access Redis using the redis-cli
  • Run CLI tools or scripts within your project network
  • Create file or database backups

How Bastion Works

  • A lightweight container is deployed automatically in each project
  • It has internal access to all your services (volumes, databases, apps)
  • SSH access is authorized via your public SSH keys

The Bastion is not exposed to the public internet – only whitelisted users with keys can log in.

How to Connect

  1. Go to your Project → Bastion (SSH) tab
  2. Add your public SSH key
  3. Use the following command to log in:
ssh <project-id>@<region-bastion-host>

Example:

ssh hpr-123456@bastion.eu-west.hostim.dev

Once connected:

  • Your volumes are mounted under /volumes/{name}
  • You can use internal hostnames like mysql-db, postgres-db or redis-store to connect to your services

Example Use Cases

  • Back up a MySQL or PostgreSQL database:
mysqldump -h mysql-db -u user -p database > backup.sql
pg_dump -h postgres-db -U user database > backup.sql
  • Inspect volume contents:
cd /volumes/my-uploads
ls -lah
  • Restore a Redis dump or inspect keys:
redis-cli -h redis-store

Interactive Shell for Apps

You can enter an interactive shell directly into any of your running applications using the shell command from within the Bastion. This is useful for debugging, running migrations, or inspecting the application environment.

shell <app-name>

Example

bastion-hpr-7a080e53:~$ shell my-api-app
# bash
root@my-api-app:/#

If the application is not found:

bastion-hpr-7a080e53:~$ shell non-existent
ERROR: app not found: non-existent

Requirements & Restrictions

⚠️ Shell Availability: The container image must have sh available. If your image is built from scratch or is a distroless image without a shell, the command will fail.

⚠️ Terms of Service: You must respect our Terms of Service. Running network scanners, port scanners, or any other security-related tools is strictly prohibited. Violation of these terms will lead to an immediate ban of your account.

Security and Access

  • SSH access is only available if you've added at least one public key
  • Each Bastion is fully isolated per project
  • All traffic stays inside the private internal network

Troubleshooting

SSH connection fails? Make sure:

  • You added a valid public key
  • You copied the login command correctly
  • Your project is running and has services

Still stuck? Use the support widget in the console.