vdt-bastion.cs.wisc.edu computer is our gateway to
the VDT computers. Log into this computer first. Do not use
nmi-net or any other
nmi-* computer unless
absolutely necessary (like if
vdt-bastion goes down.)
If you'd like to apparently ssh directly to the VDT computer, you can
put this in your
Host vdt-* ProxyCommand ssh bastion-vdt nc %h %pIf you want to get fancier, you can multiplex your connections to the computer. This speeds up your later logins.
Host vdt-* ProxyCommand ssh bastion-vdt nc %h %p ControlPath ~/.ssh/master-%l-%r@%h:%p ControlMaster autoIf you want to use your web browser, you can forward from
https://localhost:8443to the remote VDT computer. Your web browser will complain about the host-certificate not matching the hostname you entered--that's expected. If you log into more than one VDT computer, this will only work for the first one you logged into.
Host vdt-* ProxyCommand ssh bastion-vdt nc %h %p ControlPath ~/.ssh/master-%l-%r@%h:%p ControlMaster auto LocalForward 9999 localhost:8443
ssh_config convenience, this computer is also
known as bastion-vdt.
Unlike other VDT computers, this computer has a public interface on the Internet. Therefore it is maintained (kept up to date, problems fixed, security maintained) by the Condor Infrastructure Group.
We are allowed to have root/sudo on the computer. Treat it respectively--do not run new services on the computer (they may be a security risk) without checking with the infrastructure group.
We can create accounts for collaborators. If they are not clearly
long-term collaborators, we should create the accounts so that they
useradd --expiredate ...) and need to be