Bastion

A bastion is the main host on any given network for external users to log into. From the bastion, system administrators access other hosts on the same internal subnets.

While a bastion may not be the only host on a network with a public IP, it tends to be the only one SSH enabled. (Others public nodes are typically access routes to web services).

• bast1003.wikimedia.org in the eqiad cluster in Virginia, United States
• bast2003.wikimedia.org in the codfw cluster in Texas, United States
• bast3006.wikimedia.org in the esams cluster in Amsterdam, The Netherlands
• bast4004.wikimedia.org in the ulsfo cluster in San Francisco, United States
• bast5003.wikimedia.org in the eqsin cluster in Singapore
• bast6002.wikimedia.org in the drmrs cluster in Marseille, France

Map of bastion hosts

eqiad

codfw

esams

ulsfo

eqsin

drmrs

• Production shell access#SSH configuration
• List of Bastion hosts in Wikimedia clusters
• Read about "Bastion host" on Wikipedia

• experimental Bash script for local users to detect the correct bastion and auto-fix config: https://people.wikimedia.org/~dzahn/bastion.sh.txt