Information on the Ssh Gateways at the RACF

The SSH gateways at the SDCC are the primary interactive "doors" into the SDCC facility. They should only be used to gain interactive access to the facility, they are NOT designed for data transfers (aka SCP access). Once you have logged into an Ssh gateway, you can hop to the internal system of your choosing via ssh. The old RHIC & USATLAS SSH gateways have been deprecated and consolidated to the single set of SDCC SSH gateways.

The SDCC SSH gateways can be accessed via the ssh.sdcc.bnl.gov hostname. Each of these hostnames maps to one of the multiple back end servers to provide load balancing and higher availability. A specific back end SSH server can be accessed explicitly by using its specific hostname, but that is NOT recommended. It is better, whenever possible, to use the load-balanced name. Note that each back-end server has its own set of home directories, that is the home directories are not shared among gateway systems. At this time, the available back end servers are as follows:

Hostname Backend Hostnames
ssh.sdcc.bnl.gov

ssh01.sdcc.bnl.gov

ssh02.sdcc.bnl.gov

ssh03.sdcc.bnl.gov

ssh04.sdcc.bnl.gov

 

For slightly easier navigation, the facility supports Kerberos-based single sign-on. Running kinit and providing your Kerberos password, will provide you with a Kerberos "ticket-granting ticket" (TGT). This Kerberos TGT will be used for all subsequent requests for authentication when SSH-ing into internal systems.


For BNL campus network access, we also provide another set of SSH gateways (note, the campus network does not have access to most of the SDCC computing resources):

Hostname Backend Hostnames
cssh.sdcc.bnl.gov

cssh01.sdcc.bnl.gov

cssh02.sdcc.bnl.gov

 

Note that user shell sessions are restricted on these machines, as they are intended as gateways to access other resources, and not to be used as general-purpose machines.