Bastion
Appearance
A bastion is the main host on any given network for external users to log into. From the bastion, system administrators access other hosts on the same internal subnets.
While a bastion may not be the only host on a network with a public IP, it tends to be the only one SSH enabled. (Others public nodes are typically access routes to web services).
bast1003.wikimedia.org
in the eqiad cluster in Virginia, United Statesbast2003.wikimedia.org
in the codfw cluster in Texas, United Statesbast3007.wikimedia.org
in the esams cluster in Amsterdam, The Netherlandsbast4005.wikimedia.org
in the ulsfo cluster in San Francisco, United Statesbast5004.wikimedia.org
in the eqsin cluster in Singaporebast6003.wikimedia.org
in the drmrs cluster in Marseille, Francebast7001.wikimedia.org
in the Magru_data_center in São Paulo, Brazil
See also
- Production shell access#SSH configuration
- List of Bastion hosts in Wikimedia clusters
- Read about "Bastion host" on Wikipedia
- experimental Bash script for local users to detect the correct bastion and auto-fix config: https://people.wikimedia.org/~dzahn/bastion.sh.txt