Oracle Cloud Infrastructure Quick Tip – Use the Bastion Service with MobaXterm

Mobatek’s MobaXterm is my favorite terminal for the daily work. It supports a lot of protocols like SSH, RDP, VNC, integrates X11 and SFTP and many more. And, MobaXterm can be used to connect to your OCI compute instance by the Oracle Cloud Infrastructure Bastion Service and the Managed SSH Session feature.


  • OCI Compute Instance running in a private subnet
  • OCI Bastion plugin enabled on Compute Instance – be patient when you enable it for the first time and fulfill the requirements for the agent
  • The VCN has a Service Gateway attached
  • The Subnet allows network connection from the Bastion Service private endpoint IP address – See Allowing Network Access From the Bastion (

Link: Oracle Cloud Infrastructure Documentation – Bastion Overview (

Create a Bastion

Create a new bastion and select your target VCN and subnet. In this example, I added my public IP in the CIDR block allow list to allow only connections from my client. I do not recommend to add there.

Create Session

Fill in the details to create a bastion host session. After some minutes, the session is ready to use. The SSH key is the key you use to connect to the bastion host. NOT to the target compute instance. Do not use the same key for both connections.


View SSH command

Here you can see the details of the connection. Oracle creates a random generated username for a login to a bastion service host in your region. In my example the host was created.

To configure a MobaXterm session, we need these information:

  • Bastion hostname –
  • Bastion host username –
  • Target host IP-

MobaXterm Configuration

Basic SSH settings

  • Remote Host = Target host IP
  • Specify Username = opc

Note: The username is based on the selected operating system in Oracle Cloud Infrastructure. In this example, for the Oracle Linux 8 Compute Instance, it’s just user opc.

Tab Advanced SSH settings

Enable Use private key and select the SSH key which is used for Compute Instance provisioning

Tab Network settings

Create a new SSH gateway (jump host).

Define one or several SSH jump hosts

  • Gateway host = Bastion gateway provided by OCI
  • Username = Bastion username provided by OCI
  • Use SSH Key = SSH which we have uploaded for session creation

Connection Test

Finally the session can be used to connect to the Oracle Cloud Infrastructure Compute Instance via Bastion Service.

Some Blog Posts about the Bastion Service


A bastion host is a nice opportunity to connect into a private subnet as an external user. The bastion session duration of 3 hours is absolute ok for me to do some maintenance or support tasks. Take care to set a correct CIDR allow list and protect your SSH keys, a bastion host can be a backdoor into your network! #safetyfirst