Client Configuration for Campus Access
To configure your email client to connect to the SDCC mail server and authenticate with your account credentials from within the BNL campus:
How to Use NX at the SDCC
NoMachine/NX is X Window system acceleration technology that should improve the usability of X based applications over the wide area network. The SDCC NoMachine instance is deployed as a multi-node environment (consisting of Enterprise Terminal Server and Terminal Server Nodes), allows for load balancing and automatic or manual selection of server nodes.
Instructions for OTP Token Generation and NX Client Setup
Users must log in to NX sessions using both their Kerberos password and an OTP token.
How to generate SSH key pairs
SSH keys are generated using the ssh-keygen program on Linux/Unix/ MacOS/Cygwin, or with PowerShell / PuTTYgen on Windows. For Windows users please go here
Please ensure that the 'Number of bits in a generated key' is 2048 or larger or your key will be rejected.
Information on the SSH Gateways at the SDCC
The SSH gateways at the SDCC are the primary "doors" into the SDCC facility. They are only to be used to gain access to the facility, and are not designed for data transfers or interactive sessions. Once you have logged into an SSH gateway, you can continue your connection through to another internal system via SSH. The legacy RHIC and US ATLAS SSH gateways have been deprecated and consolidated into the single set of SDCC SSH gateways.
Information about SFTP Gateways
Users should connect to sftp.sdcc.bnl.gov in order to access the SFTP gateways and transfer files.
There are many graphical clients available, such as WinSCP and Cyberduck, that users can download and install.
The Kerberos Network Authentication Protocol is used by the SDCC to provide password-based authentication of users for many SDCC services. For most purposes at the SDCC users do not directly interact with Kerberos, it is only used behind the scenes as a password verification service. However, there are three situations where the users directly interact with Kerberos; when using the AFS file systems at the SDCC, when using the GSSAPI enabled ssh for interactive "single sign-on" and when using the Kerberos based interfaces to HPSS.
About the facility migration to the SDCC Kerberos5 realm, and the Identity, Policy, and Audit (IPA) management system for authentication and authorization
On December 11, 2018, at 10:00 AM EST, the SDCC/RACF moved our password-protected systems and services to a new, unified authentication system: IPA. In order to access facility services, users will need to register a password in the new IPA authentication system if they have not done so already
A few of the more common problems with connecting to a remote X11 window session via SSH:
X11 Forwarding
You may not have enabled X11 session forwarding in either your SSH configuration files, or directly in your SSH client application. On the file system, this can be configured in either, or both, of two configuration files:
