Knowledge Center

How to access ePO and Agent Handler Instances through a Bastion instance using PuTTY
Technical Articles ID:   KB90847
Last Modified:  8/28/2018


McAfee ePolicy Orchestrator (ePO) 5.10


Remote Access to ePO and Agent Handler Instances through Bastion Instance using PuTTY.

  • Download and install PuTTY from the PuTTY download page. www.chiark.greenend.org.uk/~sgtatham/putty/
    If you already have an older version of PuTTY installed, we recommend that you download the latest version. Make sure that you install the entire suite.
  • You must have the details about the Bastion Instance:
    • Public IP address or DNS).
    • Private IP address of the ePO Application Server instance.
    • Agent Handler (AH) instance or DXL broker instance, which can be obtained from the respective Cloud Formation stack Outputs tab. 
  • You need access to the AWS Key pair used during the deployment. This key pair is required to obtain the Password for the remote ePO/AH instances through the AWS console.


How to log on to the stack components:

  1. Run PuTTYgen
  2. From the menu click Conversation, Import Key.
  3. Click Save private key and save the PPK file to a secure location of your choice.
  4. Run the main PuTTY client
  5. In the Category left pane, select Sessions.
  6. From the Host name (or IP address) field, set the host name or IP address for the bastion-server-dns.

  7. In the Category left pane, expand Connection and select Data.
  8. On the Connection Data panel, set the Auto-login user name to centos.

  9. In the Category left pane, expand Connection, SSH, and select Auth.
  10. On the Auth panel, set Private key file for authentication to the path where you saved the PPK file. Or, click Browse.

  11. In the Category left pane, expand ConnectionSSH, and select Tunnels.
  12. On the Tunnels panel, choose a local port not in use for each host:port tunnel that you want to establish:
    • Source port field - The localhost port to which you will connect.
    • Destination field - The ePO server or Agent Handler Host IP address you will connect to, in hostname:port format.
      NOTE: You can obtain the ePO Application Server instance and Agent Handler instance IP address from the respective stack Outputs or EC2 instance details.
    • Click Add for each host you want to be part of in your saved configuration.
NOTE: You can add multiple remote hosts like Agent Handler to establish the tunnel connection; then save the session configuration.

  1. To save the connection parameters for future use:
    1. In the Category left pane, select Sessions.
    2. On the Session panel, under Saved Sessions, type a name into the field.
    3. Click Save.
    4. When you are ready to continue, you click Open at the bottom of the panel. A connection window opens to a non-interactive SSH session.
      IMPORTANT: Leave the window open (you can minimize it to get it out of the way, but don't close the window until you are ready to end your session).
    5. To verify if the tunnel has been established, view the Putty Event Log.

    6. If a tunnel has been established, save the configuration.

Access via a Windows Remote Desktop Protocol (RDP) session:

  1. Open Windows Remote Desktop Connection to the host you specified in the Tunnels section, above.
  2. Choose localhost for the Computer field and the tunneled port (example: localhost:9001).
  3. Specify the User Name as administrator and when prompted, enter the password using the key pair (obtained from the AWS Console).

Access via Linux session

  1. Open a new PuTTY dialog box and configure a new secure shell connection to each host. For example: DXL broker instance, as specified in the Tunnels section above.
  2. On the Session panel, choose localhost for the Host Name field and the tunneled port (example: 9002).

  3. In the Category left pane, expand ConnectionData panel.
  4. On the data panel, set the Auto-login user name to centos.
  5. In the Category left pane, expand ConnectionSSH, and select Auth.
  6. On the Auth pane, set Private key file for authentication to the path at which you saved the PPK file in the steps above. Or, click Browse.

Rate this document

Affected Products

Beta Translate with

Select a desired language below to translate this page.


This article is available in the following languages:

English United States
Spanish Spain

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.