SSH Quick Start Guide

Remote Server Quick Start Guide

Using Quick Start from the Command Line Interface

For the fastest way to setup BastionZero, we recommend using the SSH Quick Start script from our zero-trust command line interface (zli).
  1. 1.
    In a terminal window, install the zli. Do this using brew install bastionzero/tap/zli.
  2. 2.
    Next type zli quickstart.
  3. 3.
    This will launch the Quick Start script, which takes you through a 4-step process to secure your target host(s) with BastionZero. This will take less than 10 minutes.

Rather Do It Yourself? No Problem

If you prefer to complete the process manually, here's what you'll need to do:
  1. 1.
    In a terminal window, make sure you have our zli installed. You can directly download the latest build from our GitHub here, or you can do this using brew install bastionzero/tap/zli.
  2. 2.
    Login to BastionZero using zli login. This will open a browser window and prompt you to log in using your identity provider (currently scoped to Microsoft or Google). Don't worry if you don't have a BastionZero account; it will automatically be created for you.
  3. 3.
    To produce the bash script that will secure your host(s), run zli generate-bash.
Note that this script must be executed from the host(s) you're planning to secure.
Pro tip #1: To save this script to a file for convenience, run this command as zli generate-bash -o
This file will be saved to your current working directory.
Pro tip #2: For those on a Mac, to copy the script into your system's clipboard, you can run this command as zli generate-bash --silent | pbcopy
  1. 1.
    Run the above bash script on your machine to connect with BastionZero. Make this the last time you use ssh by running ssh [email protected] 'bash -s' <
  2. 2.
    Add your intended user (the identity you will connect with) to your policy; i.e., for the unix user foo-user, run zli targetUser --add "Default Admin Policy" foo-user
  3. 3.
    Congratulations! Your hosts are now secured with BastionZero. To connect to your newly secured target, use zli connect <target-user>@<target-name>. To list your available targets, try zli lt



  1. 1.
    Is it safe to let BastionZero utilize my SSH config and .pem files?
    • Yes. Neither the information in your config file nor your SSH keys are stored by BastionZero. The Quick Start script uses your configuration so that SSH can log into your chosen host(s) and install the BastionZero agent.
  2. 2.
    Does BastionZero have any visibility into my login credentials?
    • No. When you authenticate yourself to your identity provider, you are interacting directly with the IdP.
  3. 3.
    How does MrZAP work?
    • That's a great question! Here is our whitepaper covering the protocol.
  4. 4.
    What does BastionZero do with my data?
    • BastionZero does not share or sell your information to any third party. We may contact you in the future to share updates on the product or seek your feedback. For more information, please see our privacy policy and terms of service.
Last modified 21d ago