One-hop Logins and File Transfers in Windows to fen using Putty and SSH Tunneling

Note: CryptoCard token access has been terminated. All Blue Gene users must now use RSA SecurID. Please call the Account Management Office at 631-344-4444 for assistance.

One-hop Logins to fen

This is a procedure for logging in directly to the fen using Putty on a Windows PC.

It was tested using what at the time of this writing was the latest release version (beta 0.60) of the putty binary from the putty download site. At the moment it has only been tested using Windows 2000.

  1. Open Putty. By default it opens in the Session category.
    In the hostname field enter ssh.bluegene.bnl.local .
    The port field should already be populated with 22 .
    Under Protocol select ssh .
    In the Saved Sessions field enter tunnel, then press the Save button.
      putty1_screenshot
     
  2. Navigate to the SSH-X11 category. Check the Enable X11 Forwarding box there.
      putty2_screenshot
     
  3. Navigate to the SSH-Tunnels category.
    Specify some port number greater than 1024 for Source port, e.g. 20022 .
    For Destination specify fen.bluegene.bnl.gov:22 .
    Press the Add button. The Source port and Destination fields will then become blank and the Forwarded ports: field will become populated with that information, as depicted below.
    Press the Open button.
      putty3_screenshot
  4. A window should appear prompting you for your Blue Gene SSH gateway username. Then you'll be prompted for your password. Provide it in the way you normally do to access the gateway, i.e. use your CryptoCard to generate a password and enter it.

    Leave this window open on your desktop; it is a tunnel to the NY Blue ssh gateway and is needed as part of enabling one-hop access to the fen from your Windows PC. For security reasons, close it (and any other windows to the Blue Gene ssh gateway or fen or fenp that you may have open) when you finish your work for the day.
      putty4_screenshot
  5. Open another Putty.
    In the hostname field enter localhost, and in the Port field enter 20022 (or whatever port number greater than 1024 that you had entered in SSH - Tunnels - source port during the first Putty session).
      putty5_screenshot
  6. In this second putty session select Enable X11 Forwarding in SSH - X11. This panel has already been depicted in the screen shot for step 2 above.
     
  7. The screen shot for steps 7 through 9 is depicted in step 9.
    Open Puttygen.
    In the Parameters section select SSH-2 DSA .
     
  8. Next in Puttygen, press the Generate button, then in the Key section move the mouse to generate some randomness while the key is being generated.
     
  9. Next while still in Puttygen, in the Key passphrase field enter a passphrase of your own choosing. Enter it again in the Confirm passphrase field.
      putty6_screenshot
  10. Next while still in Puttygen, press the Save Public Key button.
    In the Filename field in the resulting dialog box enter putty.pub, as depicted below.
    Press the Save button. You have now saved your public key.
      putty7_screenshot
  11. Next while still in Puttygen, press the Save Private Key button.
    In the Filename field in the resulting dialog box enter putty, as depicted below.
    Press the Save button. This will save your private key in a file named putty.ppk
    Close puttygen.
      putty8_screenshot
  12. Login to the fen in the way that you normally would, i.e. through the gateway.
    Then do: cd ~/.ssh
     
  13. Append the public key in putty.pub to the end of the file ~/.ssh/authorized_keys on the fen, as follows:
     
    To do this, first create a backup copy of ~/.ssh/authorized_keys.
    Then open putty.pub on your Windows PC and select Edit - Select All, and then Edit - Copy.
    Then paste it into ~/.ssh/authorized_keys on the fen.
     
    Windows 7 Users: Don't open putty.pub on your PC, instead copy the public key directly from the "Key" section of the puttygen window (depicted in item 9 above) and paste it into ~/.ssh/authorized_keys on the fen.
     

    IMPORTANT NOTES:
    The public key in ~/.ssh/authorized_keys must be one long line, with no line breaks until the end of the line, so use your editor to remove all embedded line breaks. Removing all embedded line breaks is an error-prone process, so be careful.

    Any comment lines preceding or following the public key proper should each contain one line break at their end, so you shouldn't need to remove any embedded line breaks in them.
    Here "public key proper" refers to the line containing the public key itself, i.e. the line containing the "crazy long string of characters".

  14. Prepend the resulting "public key proper" in ~/.ssh/authorized_keys with:
    ssh-dss
    There should be one blank space following the prepended ssh-dss, for example the first several characters might look like:
    ssh-dss CCVAB9Ny
    Do NOT also prepend ssh-dss to any comment lines preceding or following the public key proper: only prepend the public key proper, i.e. only prepend the line containing the "crazy" long string of characters.
     
  15. In the second putty session that you had earlier opened (in step 5), navigate to the SSH-Auth category.
    Press the Browse button that is below and to the right of the "Private key file for authentication:" field.
    This Browse button is shown in the first screen shot below.
    Find and select putty.ppk, which is the private key that you saved earlier (in step 11), then press the Open button.
    Go to category Session and in the Saved Sessions field enter fen, for easier invocation in the future. This is shown in the second screen shot below.
    Then press the Save button.
    Return to category SSH-Auth and press the Open button.
      putty9_screenshot putty10_screenshot
  16. A login window to the fen should appear.
    You will be prompted for your fen username, then for the passphrase that you established in step 9 in puttygen.
     
    Note: If you are prompted instead for a password, there is a problem. Verify that you performed steps 13 and 14 correctly, and that you followed all 16 steps in the order indicated on this page.
      putty11_screenshot
  17. You have accomplished your goal. In steps 15 and 16 you logged into the fen in one hop, i.e. you didn't need to log into the NYBlue ssh gateway first, and from there log in to the fen.
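
Steps 13 and 14 can also be done and checked by script; the Python below is an added example, not part of the original procedure, that converts the putty.pub saved in step 10 into the one-line authorized_keys entry and reports the usual mistakes (embedded line break, wrong or doubled prefix) behind the password prompt mentioned in step 16. It generalizes to key types other than DSA. Assumptions: the function names are hypothetical, the sample key is constructed filler rather than a real key, and authorized_keys lines carry no options prefix.

```python
import base64
import struct

def blob_fields(blob):
    """Split an SSH public-key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        (n,) = struct.unpack_from(">I", blob, pos)   # struct.error if < 4 bytes left
        if pos + 4 + n > len(blob):
            raise ValueError("key blob ends early")
        fields.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return fields

def putty_pub_to_line(text):
    """Turn a puttygen 'Save public key' file into one authorized_keys line."""
    comment, b64 = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):      # blank or BEGIN/END marker
            continue
        if line.lower().startswith("comment:"):
            comment = line.split(":", 1)[1].strip().strip('"')
        elif ":" not in line:                        # base64 never contains ':'
            b64.append(line)
    data = "".join(b64)                              # removes the embedded line breaks
    key_type = blob_fields(base64.b64decode(data, validate=True))[0].decode("ascii")
    return f"{key_type} {data} {comment}".rstrip()

def check_line(line):
    """Return the problems found in one authorized_keys key line ([] means OK)."""
    parts = line.split()
    if len(parts) < 2:
        return ["expected '<type> <base64> [comment]' on a single line"]
    try:
        inner = blob_fields(base64.b64decode(parts[1], validate=True))[0].decode("ascii")
    except (ValueError, struct.error, IndexError):
        return ["key data is damaged or cut short (embedded line break?)"]
    return [] if inner == parts[0] else [f"prefix {parts[0]!r} does not match key type {inner!r}"]

# Constructed sample: filler bytes shaped like a DSA key, not a real key.
_parts = (b"ssh-dss", b"\x01" * 129, b"\x02" * 21, b"\x03" * 128, b"\x04" * 128)
_blob = b"".join(struct.pack(">I", len(p)) + p for p in _parts)
_b64 = base64.b64encode(_blob).decode()
SAMPLE_PUB = "\n".join(['---- BEGIN SSH2 PUBLIC KEY ----', 'Comment: "dsa-key-20090604"',
                        *[_b64[i:i + 64] for i in range(0, len(_b64), 64)],
                        '---- END SSH2 PUBLIC KEY ----'])

if __name__ == "__main__":
    print(putty_pub_to_line(SAMPLE_PUB))
```

The key type is read from inside the key data itself, so the prefix from step 14 is never typed by hand.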

One-hop File Transfers From Windows to fen

This is a procedure for file transfer directly between the NY Blue fen and a Windows PC, using pscp on the latter.

Example One below transfers a file pcfile.txt from a Windows PC to the fen.

It presumes that the user has accomplished steps 1 through 4, and 7 through 14, of the One-hop logins to fen procedure. Those are the steps that establish an NY Blue ssh gateway tunnel, and generate and save the needed Putty SSH keys.

In Example One, pscp has been invoked in a Command Prompt window brought up in the Start menu on the Windows PC.

Note that the port number from step 3 above is specified, using the -P flag.

Note also that the full path and file name specification for the private key on the Windows PC (from step 11 above) is specified, using the -i flag.

The -v flag (pscp verbose mode) is optional.

Note: A better folder to locate putty on the Windows PC than the folder used in this example might be
C:\Documents and Settings\johndoe\My Documents .

Example One:

Z:\> "C:\puttyjune2009\pscp.exe" -P 20022 -i "C:\puttyjune2009\putty.ppk" -v "C:\temp\pcfile.txt" johndoe@localhost:/gpfs/home1/johndoe
Looking up host "localhost"
Connecting to 127.0.0.1 port 20022
Server version: SSH-2.0-OpenSSH_4.1
We claim version: SSH-2.0-PuTTY_Release_0.60
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-1
Host key fingerprint is:
ssh-rsa 1024 ce:f8:5c:08:6c:b6:5a:d7:c0:fc:9c:9e:33:af:78:1f
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Reading private key file "C:\puttyjune2009\putty.ppk"
Using username "johndoe".
Offered public key
Offer of public key accepted
Authenticating with public key "dsa-key-20090604"
Passphrase for key "dsa-key-20090604":
Access granted
Opened channel for session
Started a shell/command
Using SFTP
Connected to mypc.bnl.gov
Sending file pcfile.txt, size=4929
pcfile.txt | 4 kB | 4.8 kB/s | ETA: 00:00:00 | 100%
Sent EOF message
Server sent command exit status 0
Disconnected: All channels closed

Z:\>

One-hop File Transfers From fen to Windows

Example Two below illustrates transferring a file bgfile.c from the NY Blue fen to the Windows PC.

See Example One for additional background information.

Example Two:

Z:\> "C:\puttyjune2009\pscp.exe" -P 20022 -i "C:\puttyjune2009\putty.ppk" -v johndoe@localhost:/gpfs/home1/johndoe/bgfile.c "C:\temp"