Which protocol should be open to access the bastion host?

The bastion host is a secure server that acts as a gateway between an external network and an internal network. It typically provides a way for remote users to connect securely to a private network. The chosen protocol for accessing a bastion host is SSH (Secure Shell), which operates over port 22. This protocol is specifically designed for secure remote login and command execution, ensuring that data is encrypted during transmission, which is crucial for maintaining network security.

Connecting to a bastion host involves gaining remote access to it, which is why port 22 is utilized, given that it supports secure logins. Other common ports mentioned, such as port 80 (HTTP), port 443 (HTTPS), and port 3306 (MySQL), serve different purposes: port 80 is for unencrypted web traffic, port 443 for encrypted web traffic, and port 3306 for database connections. These are not typically used for securing remote server access. Hence, port 22 is the proper choice for accessing a bastion host securely.