Note: This web site is only kept up to date for OSG Software 1.2 (VDT 2.0.0). If you are looking for information for the most recent release, the RPM-based OSG Software 3.0, please see the OSG documentation web site

vdt-bastion.cs.wisc.edu

Purpose

The vdt-bastion.cs.wisc.edu computer is our gateway to the VDT computers. Log into this computer first. Do not use nmi-net or any other nmi-* computer unless absolutely necessary (like if vdt-bastion goes down.)

Nifty SSH config

If you'd like to apparently ssh directly to the VDT computer, you can put this in your ~/.ssh/config:

Host vdt-*
ProxyCommand ssh bastion-vdt nc %h %p
If you want to get fancier, you can multiplex your connections to the computer. This speeds up your later logins.
Host vdt-*
ProxyCommand ssh bastion-vdt nc %h %p
ControlPath ~/.ssh/master-%l-%r@%h:%p
ControlMaster auto
If you want to use your web browser, you can forward from https://localhost:8443 to the remote VDT computer. Your web browser will complain about the host-certificate not matching the hostname you entered--that's expected. If you log into more than one VDT computer, this will only work for the first one you logged into.
Host vdt-*
ProxyCommand ssh bastion-vdt nc %h %p
ControlPath ~/.ssh/master-%l-%r@%h:%p
ControlMaster auto
LocalForward 9999 localhost:8443

Hostname

For your ssh_config convenience, this computer is also known as bastion-vdt.

Ownership

Unlike other VDT computers, this computer has a public interface on the Internet. Therefore it is maintained (kept up to date, problems fixed, security maintained) by the Condor Infrastructure Group.

VDT Team Responsibilities and Privileges

We are allowed to have root/sudo on the computer. Treat it respectively--do not run new services on the computer (they may be a security risk) without checking with the infrastructure group.

We can create accounts for collaborators. If they are not clearly long-term collaborators, we should create the accounts so that they expire (useradd --expiredate ...) and need to be renewed explicitly.