You are here: Home User Information Facility Services Ssh Service Ssh Gateways

Ssh Gateways

by Shigeki Misawa last modified Dec 20, 2016 04:31 PM
Contributors: John McCarthy, John DeStefano
Information on the Ssh Gateways at the RACF

The Ssh gateways at the RACF are the primary interactive "doors" into the RACF facility. They should only be used to gain interactive access to the facility, they are NOT designed for data transfers (aka scp access). Once you have logged into an Ssh gateway, you can hop to the internal system of your choosing via ssh.

The RHIC/LSST SSH gateways can be accessed via the hostname; the US ATLAS SSH gateways can be accessed via the hostname; the SDCC SSH gateways can be accessed via the hostname. Each of these hostnames maps to one of multiple back end servers to provide load balancing and higher availability. A specific back end SSH server can be accessed explicitly by using its specific hostname. Note that each back end server has its own set of home directories, that is the home directories are not shared among gateway systems. At this time, the available back end servers are as follows:

Hostname Backend host names

For slightly easier navigation, the facility supports Kerberos-based single sign-on. Running rkinit (RHIC/LSST gateways) or akinit (US ATLAS gateways), and providing your Kerberos password, will provide you with a Kerberos "ticket-granting ticket" (TGT). This Kerberos TGT will be used for all subsequent requests for authentication when SSH-ing into internal systems.

Note that user shell sessions are restricted on these machines, as they are intended as gateways to access other resources, and not to be used as general purpose machines.

Document Actions