Perimeter Host

CGD resources are contained within a security perimeter. In order to access those resources remotely, users have two means of traversing the perimeter: VPN or Perimeter Host. For detailed information on using the VPN, see the Remote connections VPN page.

CGD has two perimeter hosts available for remote login:

  • goldhill.cgd.ucar.edu
  • moffatt.cgd.ucar.edu

Logging into these hosts requires an SSH client and a yubikey or cryptocard. Apple Macintosh and Linux systems typically have an SSH client built in, on MS Windows you can use Putty.

If you already have a terminal client on your system, starting an SSH session is as easy as:

ssh username@goldhill.cgd.ucar.edu

Keep in mind, if you are logged into a remote system under a different username than your CGD username, your attempts at logging in will be rejected, thus it's usually safest to use the username@system notation.

If you mess up your username, you will be locked out immediatly and you will have to contact the systems staff to re-enable your connection.

If you do mess up your password three times in a row, you will be locked out. At that point you will need to contact the system staff to re-enable your account.

If you plan on popping back an X-session, include the following:

ssh -X -Y username@goldhill.cgd.ucar.edu

Once logged in to goldhill or moffatt, you can SSH to other systems inside the perimeter, you can mount /project directories, or read your email using alpine or mutt.