Bastion

A bastion is the main host on any given network for external users to log into. From the bastion, system administrators access other hosts on the same internal subnets.

While a bastion may not be the only host on a network with a public IP, it tends to be the only one with SSH enabled. Other public nodes are typically frontend web servers.

To verify fingerprints, refer to Help:SSH Fingerprints.

• bast1003.wikimedia.org in the eqiad data center in Virginia, United States
• bast2003.wikimedia.org in the codfw data center in Texas, United States
• bast3007.wikimedia.org in the esams data center in Amsterdam, The Netherlands
• bast4005.wikimedia.org in the ulsfo data center in San Francisco, United States
• bast5004.wikimedia.org in the eqsin data center in Singapore
• bast6003.wikimedia.org in the drmrs data center in Marseille, France
• bast7001.wikimedia.org in the magru data center in São Paulo, Brazil

Map of bastion hosts

codfw

eqiad

esams

ulsfo

eqsin

drmrs

magru

• Production shell access#SSH configuration
• List of Bastion hosts in Wikimedia clusters
• Read about "Bastion host" on Wikipedia

• experimental Bash script for local users to detect the correct bastion and auto-fix config: https://people.wikimedia.org/~dzahn/bastion.sh.txt