Bastion Host

Given the lack of free IPs and the need to strengthen the security of the GNOME Infrastructure, a bastion.gnome.org host has been set up. It currently manages:

  1. VPN connections
  2. Centralized SSH connections
  3. Web proxy (Squid)

Instructions for SSH connections

Accessing GNOME machines can be done by adding the following entries into your /home/user/.ssh/config file:

Note: Make sure to do the needed substitutions and use your UID for connecting. In the example, the UID is set to be av.

Host bastion.gnome.org
     ProxyCommand none
     ForwardAgent no

Host vpn.*.gnome.org
     User av
     ProxyJump bastion.gnome.org

Connecting to the relevant machine is then as simple as running:

ssh vpn.$machine_name.gnome.org
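
To confirm the entries above took effect, this added example (not part of the original page) reads the options that `ssh -G` reports for a host and checks that an internal machine is reached through bastion.gnome.org and that agent forwarding stays off on the bastion itself. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the *effective* client settings printed by `ssh -G`.
# Role "internal": must hop through the bastion.
# Role "bastion":  agent forwarding off, and not proxied through anything.
BASTION="bastion.gnome.org"

# check_effective ROLE -- reads `ssh -G <host>` output on stdin.
check_effective() {
    role="$1"; jump=""; agent=""
    while read -r key value; do
        case "$key" in
            proxyjump)    jump="$value" ;;
            forwardagent) agent="$value" ;;
        esac
    done
    [ "$jump" = "none" ] && jump=""   # treat an explicit "none" as unset
    case "$role" in
        internal)
            [ "$jump" = "$BASTION" ] || { echo "FAIL: proxyjump is '${jump:-unset}'"; return 1; }
            ;;
        bastion)
            [ "$agent" = "no" ] || { echo "FAIL: forwardagent is '${agent:-unset}'"; return 1; }
            [ -z "$jump" ] || { echo "FAIL: bastion is proxied via '$jump'"; return 1; }
            ;;
        *) echo "unknown role: $role"; return 2 ;;
    esac
    echo "OK ($role)"
}

# audit_host HOST -- picks the role from the name and checks the live config.
audit_host() {
    case "$1" in
        "$BASTION") host_role=bastion ;;
        *)          host_role=internal ;;
    esac
    ssh -G "$1" | check_effective "$host_role"
}

# Constructed sample of trimmed `ssh -G vpn.example.gnome.org` output.
SAMPLE_INTERNAL='user av
hostname vpn.example.gnome.org
forwardagent no
proxyjump bastion.gnome.org'

# Audit any host names given on the command line.
for h in "$@"; do audit_host "$h"; done
```

Run it with host names as arguments, for example bastion.gnome.org and one vpn.$machine_name.gnome.org entry, after editing the config file.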

Instructions for VPN connections (Sysadmins only)

Note: If you find issues with this procedure, there's a more detailed guide at ../SOP/VPNConnectionGNOME.

Connecting to GNOME's VPN can be done by following these steps:

  1. Log in to bastion.gnome.org

  2. Run sudo -s, then cd /etc/openvpn/easy-rsa

  3. ./easyrsa build-client-full sysadmin-youruserid (e.g. av, ovitters, puiterwijk, otaylor)
  4. Set up your OpenVPN client by downloading the certs you've just created (they're available at /etc/openvpn/easy-rsa/pki/{issued,private}).

  5. Connect to the VPN

Infrastructure/Bastion (last edited 2020-11-04 13:58:25 by AndreaVeri)