You are here: Home User Information Facility Services Ssh Service Ssh Gateways

Ssh Gateways

by Shigeki Misawa last modified Dec 20, 2016 04:31 PM
Contributors: John McCarthy, John DeStefano
Information on the Ssh Gateways at the RACF

The Ssh gateways at the RACF are the primary interactive "doors" into the RACF facility. They should only be used to gain interactive access to the facility, they are NOT designed for data transfers (aka scp access). Once you have logged into an Ssh gateway, you can hop to the internal system of your choosing via ssh.

The RHIC/LSST SSH gateways can be accessed via the rssh.rhic.bnl.gov hostname; the US ATLAS SSH gateways can be accessed via the atlasgw.bnl.gov hostname; the SDCC SSH gateways can be accessed via the ssh.sdcc.bnl.gov hostname. Each of these hostnames maps to one of multiple back end servers to provide load balancing and higher availability. A specific back end SSH server can be accessed explicitly by using its specific hostname. Note that each back end server has its own set of home directories, that is the home directories are not shared among gateway systems. At this time, the available back end servers are as follows:

Hostname Backend host names
rssh.rhic.bnl.gov rssh01.rhic.bnl.gov
rssh02.rhic.bnl.gov
rssh03.rhic.bnl.gov
rssh04.rhic.bnl.gov
atlasgw.usatlas.bnl.gov
atlasgw01.usatlas.bnl.gov
atlasgw02.usatlas.bnl.gov
ssh.sdcc.bnl.gov ssh01.sdcc.bnl.gov
ssh02.sdcc.bnl.gov

For slightly easier navigation, the facility supports Kerberos-based single sign-on. Running rkinit (RHIC/LSST gateways) or akinit (US ATLAS gateways), and providing your Kerberos password, will provide you with a Kerberos "ticket-granting ticket" (TGT). This Kerberos TGT will be used for all subsequent requests for authentication when SSH-ing into internal systems.

Note that user shell sessions are restricted on these machines, as they are intended as gateways to access other resources, and not to be used as general purpose machines.

Document Actions