The only way to access Blue Gene computing resources remotely (outside the Blue Gene network enclave) is through the Blue Gene ssh gateways. Even users connecting from inside the BNL campus network need to go through the gateways.
|Outside the BNL campus the gateways are known as:||ssh.bluegene.bnl.gov|
|Inside the BNL campus they are known as:||ssh.bluegene.bnl.local|
Note: CryptoCard token access has been terminated. All Blue Gene users must now use RSA SecureID. Please call the Account Management Office at 631-344-4444 for assistance.
A "two factor authentication" method must be used to access any of the BNL ssh gateways. In order to access the Blue Gene ssh gateways remotely, users must have:
Instructions on how to obtain a SecureID account and a Blue Gene ssh gateway account are listed in Requesting an Account .
Having both the above accounts set up, users should then ssh to the Blue Gene gateways. When prompted:
You must use a different tokencode for each attempt you make to ssh into the Blue Gene gateways. Please note, a new tokencode appears in the RSA SecureID token display every 60 seconds. If you fail to login with an incorrect tokencode, wait for the tokencode to change. Then enter the new tokencode.
The most common reasons for repeated login failures are:
There are two Front-End nodes (FEN): one for the 18-rack Blue Gene/L machine known as fen.bluegene.bnl.gov and one for the 2-rack Blue Gene/P machine known as fenp.bluegene.bnl.gov. Both nodes can be accessed from the Blue Gene ssh gateways.
For the 1-rack Blue Gene/Q, there is a front end node, fenq.qcdoc.bnl.gov, which is also accessed from the Blue Gene ssh gateway.
A "two factor authentication" is required to access the BG/L and BG/P and BG/Q Front-End nodes from the gateway. Users' should generate an ssh key pair on the Blue Gene ssh gateways (using ssh-keygen -t dsa) and email the generated public key to the admins (firstname.lastname@example.org).
Users who have trouble emailing their public ssh key can upload it to the Blue Gene ftp site ftp.bluegene.bnl.gov. The site is accessible from the ssh gateways. For more information, please contact the Admins.
The users will receive an email notification from the Blue Gene admins when the user's public key is deployed. The users should then be able to access the Front-End nodes (for BG/L and BG/P and BG/Q) from the Blue Gene ssh gateways:
The default location of the generated ssh keys is in the user's .ssh directory. The default private key filename is .ssh/id_dsa while the default public key filename is .ssh/id_dsa.pub.
However, if you did specify a filename when the keys were generated (when running ssh-keygen) you should provide the location of the private key using the ssh -i option when trying to ssh to the front-end node.
Once the user's public key is deployed on the Front-End nodes (FEN), the user should be able to access the visualization cluster from the Blue Gene ssh gateways:
The user home directories are the same on the FENs and the visualization cluster.