zli clients but will be unable to use any of the features associated with BastionZero.
zli. The shell terminal runs in the BastionZero SaaS. This provides users the ability to run a long-lived shell connection, like during a database migration, without concern for keeping the end user's device active. Idle shell connections are maintained by BastionZero for up to seven days or until the user or administrator closes them. Future versions of BastionZero will provide the administrator the ability to control this time frame.
zli MrZAP protocol. When a user logs out of BastionZero, all SSH tunnels are terminated. In addition, if a user's authentication token is invalidated by the IdP for any reason (like a 1 hour ID_token expiration), SSH tunnels will also be invalidated.
keepalive across the websocket. This keepalive is used by the BastionZero SaaS to determine whether the target is online or offline. If a target goes offline, no new connection attempts are made and all existing connections are closed.
zli. By default, BastionZero records stdout. However, the administrator has the option to also record
kubectl actions, including shell exec, against the cluster. An IdP user may assume a particular cluster role, based on policy. This role can be defined as a particular target user or target group depending on whether a user or group was specified when the k8s role binding was made. BastionZero is very flexible in this regard, and the k8s command logs will again disambiguate which IdP user executed which kubectl command within a particular user or group to role binding.
zli clients. Regardless of whether an end user uses zli, BastionZero records the timestamp, IdP user, target cluster, target user or group, and API associated with the command. When the zli is used, BastionZero also records the command text associated with the command. Further, when the zli is used to exec into a container, BastionZero will record that shell command text as well.
[email protected] deleted target. Closed connection events are also the result of closing or terminating SSH tunnels or native TCP connections.
zli-based shell connection. In these cases, the shell is still running on the BastionZero SaaS, but the client is no longer active. By re-authenticating to the web app or by attaching in the zli, the connection is restored and a connected event is generated.