add information about wmgt

2024-01-17 14:23:54 +01:00
parent 8bf5d8c1c5
commit 991fb94e0f
3 changed files with 59 additions and 0 deletions
+2
@@ -154,8 +154,10 @@ chapters:
- file: services-user-guide/ssh_gateways
- file: services-user-guide/nx_nomachine
- file: services-user-guide/gmgt
- file: services-user-guide/wmgt
- file: services-admin-guide/index
sections:
- file: services-admin-guide/wmgt
- file: services-admin-guide/ssh_gateways
- file: services-admin-guide/nx_nomachine
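Review bot: The `services-admin-guide/wmgt` entry is placed first under the admin `sections:` list, ahead of `ssh_gateways`, while `services-user-guide/wmgt` is appended after `gmgt` at the end of the user-guide list. Unless the admin ordering is deliberate, put wmgt in the same relative position in both lists so the navigation of the two guides matches.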
+20
@@ -0,0 +1,20 @@
# wmgt
The wmgt service consists of 3 servers, wmgt01 / wmgt02 / wmgt03.
wmgt01/wmgt02 are hardware servers, wmgt03 is virtual.
The locations of the hardware servers are:
wmgt01 - location datacenter west
wmgt02 - location datacenter __east__
Right now these systems are not Puppet managed!
## User Management
User management is done via the AD group - svc-wmgt_users currently there is not automated approval workflow. Up to now Tobias Marx approved who is allowed to access wmgtXX except for users from ZPT. Those users are currently added without approval.
We will change this workflow to a ServiceNow workflow. Tobias has to approve all users (without any exceptions) It would also be good if there would be a periodic review of the access list.
# Responsibilities
Hardware responsibility is within the AIT Central Infrastructure group. This includes Hardware monitoring, replacement of broken hardware as well as information/planning for the hardware lifecycle.
Operation of the service is within the responsiblity of Linux Core.
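Review bot: The User Management section records a single named person as the approver for `svc-wmgt_users` and leaves the access review at "would also be good"; since the user guide describes wmgt as the SSH entry point into isolated networks, I would name a role or a deputy as approver and state who runs the periodic review and how often, so the page stays valid when that person is unavailable. The ZPT exception is described as current practice and the ServiceNow workflow as future; a short "current state / planned state" split would make clear which one a reader should follow today. Separately, `# Responsibilities` is a second top-level heading and should be `## Responsibilities` to sit under `# wmgt` like `## User Management`, `__east__` is the only emphasised location and looks unintended, and "there is not automated" and "responsiblity" are typos.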
+37
@@ -0,0 +1,37 @@
# wmgt
The wmgt service provides SSH access to machines in various isolated networks. Access is protected by MFA.
To use the service use the DNS alias __wmgt.psi.ch__.
```bash
ssh <user>@wmgt.psi.ch
```
To directly tunnel to a machine in a protected network to which wmgt gives access to you can use:
```bash
ssh -J wmgt.psi.ch <your-machine>
```
If you need to connect through wmgt often, you can add following configuration to your `~/.ssh/config` file. This will give you a persistent connection to wmgt.psi.ch that can be (re)used for multiple connections. (this way you only have to authenticate once with MFA)
```
Host wmgt-jumpost
HostName wmgt.psi.ch
ControlMaster auto
ControlPath ~/.ssh/mux-%r@%h:%p
ControlPersist 8h
```
Afterwards you can use
```bash
ssh -J wmgt-jumpost <your-machine>
```
to establish the connection.
```{note}
Be aware, if you are switching networks this persistent connection might get screwed up. In that case you have to find the connection via `ps -ef` and kill it with the `kill` command.
```
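Review bot: The note at the end tells users to find a stuck master connection with `ps -ef` and `kill`; OpenSSH already has a control command for this, so I would document `ssh -O exit wmgt-jumpost` (and `ssh -O check wmgt-jumpost` to see whether a master is alive) instead. The paragraph introducing `ControlPersist 8h` should also say what that setting implies: for up to 8 hours after the last session, any process running as the user can open new connections through the control socket under `~/.ssh/` without another MFA prompt, so users on shared or unattended machines should close the master when done or use a shorter persist time. Smaller points: the alias `wmgt-jumpost` is presumably meant to be `wmgt-jumphost` (it is used consistently, so it works, but fix both places), the `~/.ssh/config` fence has no language tag while the others use `bash`, and the `ssh -J wmgt.psi.ch <your-machine>` example omits the `<user>@` shown in the first command.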