Information on the SSH Gateways at the SDCC
The SSH gateways at the SDCC are the primary "doors" into the SDCC facility. They are only to be used to gain access to the facility, and are not designed for data transfers or interactive sessions. Once you have logged into an SSH gateway, you can continue your connection through to another internal system via SSH. The legacy RHIC and US ATLAS SSH gateways have been deprecated and consolidated into the single set of SDCC SSH gateways.
Before starting your SSH session, enable SSH agent forwarding to have your public SSH key follow your session through each connection.
The SDCC SSH gateways can be accessed via the ssh.sdcc.bnl.gov alias, which automatically maps your connection to one of the multiple back end servers to provide load balancing and higher availability. A specific back end SSH server can be accessed explicitly by using its specific hostname, but it is recommended, whenever possible, to use the load-balanced 'ssh' alias. Note that each back-end server has its own set of home directories, that is the home directories are not shared among gateway systems. At this time, the available back end servers are as follows:
| Hostname | Backend Hostnames |
| ssh.sdcc.bnl.gov | ssh01.sdcc.bnl.gov ssh02.sdcc.bnl.gov ssh03.sdcc.bnl.gov ssh04.sdcc.bnl.gov |
For slightly easier navigation, the facility supports Kerberos-based single sign-on. Running `kinit` and providing your Kerberos password will provide you with a Kerberos "ticket-granting ticket" (TGT)., which can used for all subsequent requests for authentication when connecting via SSH to other internal systems.
For BNL campus network access, we also provide another set of SSH gateways (note that the campus network is somewhat isolated and does not have access to most of the SDCC computing resources):
| Hostname | Backend Hostnames |
| cssh.sdcc.bnl.gov | cssh01.sdcc.bnl.gov cssh02.sdcc.bnl.gov |
User shell sessions on the SSH gateways are restricted, as they are intended as gateways to access other resources, and not to be used as general-purpose machines.
Once on an SSH gateway, you can use the `rterm` command to start an xterm session to one of the destination interactive nodes allocated to your experiment, or if you prefer, `rterm -i` to connect within your existing session and without launching an xterm window. If you require direct access to a specific experiment node for some reason, please consult your experiment's documentation for a list of interactive nodes appropriate for your use, or contact your experiment liaison.
See our cluster gateway information to access to any of the SDCC computing clusters.