Unix Services, Information Technology Division, ITD

Unix Services

Homepage

General Information

Helpdesk

FAQs

BNL Site Index

Need Help

Call the Helpdesk for 24x7 support
Bus: 631.344.5522
Fax: 631-344-2140
Email: itdhelp@bnl.gov

SSH Gateways

Secure Shell (SSH) is a network protocol that facilitates secure data exchange between networked devices. By establishing a secure channel between a local and a remote computer, SSH exchanges information securely by using data encryption and message authentication codes.

BNL policy dictates that you use an official SSH gateway to enter the lab network with SSH. To make moving around from computer to computer faster and easier, advanced users may want to put their SSH keys on the gateway [instructions]. That allows you to have single sign-on capabilities.

NOTE: The SSH gateways are not designed for file storage. Transferring large data sets should be accomplished by tunneling.

The Laboratory has several SSH gateways. The addresses to reach the SSH gateways are:

ssh.bnl.gov (main gateway)
ssh.bluegene.bnl.gov (Bluegene users only)
ssh.pbn.bnl.gov	(CAD users only)
ssh.qcdoc.bnl.gov (QCDOC users only)

If you are trying to reach the gateways from inside the Laboratory for any reason, the address is:

ssh.sec.bnl.local (main gateway)
ssh.bluegene.bnl.local (Bluegene users only)
ssh.pbn.bnl.local (CAD users only)
ssh.qcdoc.bnl.local (QCDOC users only)

Note: In order to use the SSH Gateway you must have an SSH client installed first. We recommend the latest version of OpenSSH for UNIX users and the latest version of PuTTY for Windows ( command line ) or WinSCP ( GUI ) users. The SSH gateway also supports RSA SecureID and CRYTPOCard authentication. (Note that the CRYTPOCard is being phased out.)

If you have not signed up for an SSH account or an RSA SecureID, call the account management office at Ext. 4444 for assistance.

Instructions for using the SSH gateways

If you need assistance installing the appropriate SSH client contact the helpdesk (x5522).

To use the SSH Gateway as an entry/exit point you need to:

Setup an account on an SSH Gateway. This can be done by calling the Account Management Office at extension 4444
Test this account by attempting to connect to the SSH gateways
Each time you want to SSH into or out of the lab simply logon to your account on the SSH Gateway first.

To test this account:

users:~> ssh user@ssh.bnl.gov
The authenticity of host 'ssh.bnl.gov (130.199.3.131)' can't be established.
RSA key fingerprint is 11:0e:ac:b5:33:17:92:66:b4:0e:1a:73:9a:a6:23:95.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ssh.bnl.gov' (RSA) to the list of known hosts.

Password:

After your password is entered correctly, you will be able to ssh to
another machine within the Laboratory:

user@sshvip1:~$ ssh user@somehost.bnl.gov
The authenticity of host 'somehost.bnl.gov (xxx.xxx.xxx.xxx)' can't be established.
DSA key fingerprint is ef:30:09:34:e5:5b:c2:e6:92:b9:a1:2e:02:cf:82:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'somehost.bnl.gov,xxx.xxx.xxx.xxx' (DSA) to the list of known hosts.

user@somehost.bnl.gov's password:

The RSA key fingerprint for "ssh.bnl.gov" is
11:0e:ac:b5:33:17:92:66:b4:0e:1a:73:9a:a6:23:95

Instructions for putting SSH keys on the SSH Gateway

Windows 7, Vista, XP

Unix (protocol 2)
A guide for using SSH

Windows 7, Vista, XP

Last Modified: February 14, 2011
Please forward all questions about this site to: Web Services