Bastion Host

Given the lack of free IPs and the need to strengthen the security of the GNOME Infrastructure, a host has been set up. It is currently managing:

  1. VPN connections
  2. Centralized SSH connections
  3. Web proxy (Squid)

Instructions for SSH connections

Accessing GNOME machines can be done by adding the following entries into your /home/user/.ssh/config file:

Note: Make sure to do the needed substitutions and use your UID for connecting. In the example, the UID is set to be av.

     ProxyCommand none
     ForwardAgent no

Host *-back
     User av
     ProxyCommand ssh -W %h:%p

Host vpn.* 
     User av
     ProxyCommand ssh -W %h:%p

Connecting to the relevant machine will be as easy as doing:

ssh $machine_name-back
ssh vpn.$
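
To check which aliases the entries above send through the bastion and that agent forwarding stays off, the following added example (not part of the original page) resolves the effective options for an alias using OpenSSH's first-obtained-value rule. The bastion name bastion.example.org, the Host line of the first block and the alias names are placeholders assumed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample config. "bastion.example.org" and the first Host line are
# placeholders (assumptions); the page does not give the real bastion hostname.
SAMPLE_CONFIG = """\
Host bastion.example.org
     ProxyCommand none
     ForwardAgent no

Host *-back
     User av
     ProxyCommand ssh -W %h:%p bastion.example.org

Host vpn.*
     User av
     ProxyCommand ssh -W %h:%p bastion.example.org
"""

def host_matches(alias, patterns):
    """A Host line matches if a positive pattern matches and no '!pattern' does."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    if any(fnmatchcase(alias, p) for p in negated):
        return False
    return any(fnmatchcase(alias, p) for p in patterns if not p.startswith("!"))

def effective_options(config_text, alias):
    """Options applied to `alias` (simplified: Host blocks only, no Match/Include)."""
    options, active = {}, True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "host":
            active = host_matches(alias, value.split())
        elif active:
            options.setdefault(key, value)  # the first obtained value wins
    return options

def audit(config_text, alias):
    """Summarise how `alias` is reached and whether agent forwarding is on."""
    opts = effective_options(config_text, alias)
    proxy = opts.get("proxycommand", "none")
    return {"via_proxy": proxy.lower() != "none",
            "agent_forwarding": opts.get("forwardagent", "no").lower() == "yes",
            "user": opts.get("user")}
```

On a real client, ssh -G followed by the alias prints the options OpenSSH itself resolves, which can be compared against this result.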

Instructions for VPN connections (Sysadmins only)

Note: If you find issues with this procedure, there's a more detailed guide at ../SOP/VPNConnectionGNOME.

Connecting to the GNOME VPN can be done by following these steps:

  1. Login to

  2. sudo -s, then cd /etc/openvpn/easy-rsa

  3. ./easyrsa build-client-full sysadmin-youruserid (e.g. av, ovitters, puiterwijk, otaylor)
  4. Set up your OpenVPN client by downloading the certs you've just created (they're available at /etc/openvpn/easy-rsa/pki/{issued,private}).

  5. Connect to the VPN

Sysadmin/Bastion (last edited 2018-03-09 12:22:21 by AndreaVeri)