SSH Gateways

Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. SSH provides confidentiality and integrity of data exchanged between the two computers using encryption and message authentication codes.

BNL policy requires that you use an official SSH gateway to enter the lab network with SSH. To make moving around from computer to computer faster and easier, advanced users may want to put their SSH keys on the gateway [instructions]. That allows you to have single sign-on capabilities.

The Laboratory has two identical SSH gateways inside a hardware load balancer. The address to reach the SSH gateways is:

ssh.bnl.gov

If you are trying to reach the gateways from inside the Laboratory for any reason, the address is:

ssh.sec.bnl.local

The load should be evenly balanced between machines, so there is no need to address them individually. You will be automatically directed to the best available machine.

Note: To use the SSH Gateway you must first have an SSH client installed. We recommend the latest version of OpenSSH for UNIX users and the latest version of PuTTY for Windows (command line) or WinSCP (GUI) users. The SSH gateways also support 2-part CRYPTOCard authentication, if you have signed up for both an SSH account and a CRYPTOCard token. Call the account management office at Ext. 4444 to obtain either of these.

Instructions for using the SSH gateways

If you need assistance installing the appropriate SSH client contact the helpdesk (x5522). 

  1. To use the SSH Gateway as an entry/exit point you need to:
  • Set up an account on the SSH Gateway. This can be done by calling the Account Management Office at extension 4444.
  • Test this account by attempting to connect to the SSH gateways.
  • Each time you want to SSH into or out of the lab, simply log on to your account on the SSH Gateway first.

    To test this account:

    users:~> ssh lsoto@ssh.bnl.gov
    The authenticity of host 'ssh.bnl.gov (130.199.3.131)' can't be established.
    RSA key fingerprint is 11:0e:ac:b5:33:17:92:66:b4:0e:1a:73:9a:a6:23:95.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'ssh.bnl.gov' (RSA) to the list of known hosts.



    Password:

    After your password is entered correctly, you will be able to ssh to
    another machine within the Laboratory:

    lsoto@sshvip1:~$ ssh lsoto@sun65.bnl.gov
    The authenticity of host 'sun65.bnl.gov (130.199.74.176)' can't be established.
    DSA key fingerprint is ef:30:09:34:e5:5b:c2:e6:92:b9:a1:2e:02:cf:82:40.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'sun65.bnl.gov,130.199.74.176' (DSA) to the list of known hosts.



    lsoto@sun65.bnl.gov's password:
     
    The RSA key fingerprint for "ssh.bnl.gov" is
    11:0e:ac:b5:33:17:92:66:b4:0e:1a:73:9a:a6:23:95
    Compare it with the fingerprint shown in the prompt before answering "yes".
  2. Instructions for putting SSH keys on the SSH Gateway
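
The test session above shows the gateway's key fingerprint at first connection, and this page publishes the expected value for ssh.bnl.gov. The following Python code is an added example, not part of the original page: it computes the same MD5 colon-hex fingerprint from a key line in ssh-keyscan or known_hosts format and compares it with the published value. The sample key line and all function names are constructed for illustration; the sample is not the gateway's real key.

```python
import base64
import hashlib
import struct

# Fingerprint published on this page for ssh.bnl.gov (legacy MD5 colon-hex form).
PUBLISHED_FP = "11:0e:ac:b5:33:17:92:66:b4:0e:1a:73:9a:a6:23:95"

def md5_fingerprint(blob: bytes) -> str:
    """Legacy OpenSSH fingerprint: MD5 over the raw public-key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def parse_key_line(line: str):
    """Parse 'hosts keytype base64', as written by ssh-keyscan or known_hosts."""
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or corrupted.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    return hosts.split(","), key_type, blob

def host_key_matches(line: str, host: str, expected_fp: str) -> bool:
    """True only if the line names `host` and its key has the expected fingerprint."""
    hosts, _, blob = parse_key_line(line)
    if host not in hosts:
        return False
    return md5_fingerprint(blob) == expected_fp.strip().lower()

def _ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def constructed_line(host: str = "ssh.bnl.gov") -> str:
    """Constructed sample: a throwaway 'ssh-rsa' blob, NOT the gateway's real key."""
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(b"\x00" + b"\xc3" * 32))
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    line = constructed_line()
    # The constructed key is not the gateway's key, so this reports False,
    # which is the result that should stop you from answering "yes".
    print("matches published fingerprint:",
          host_key_matches(line, "ssh.bnl.gov", PUBLISHED_FP))
```

Hashed known_hosts entries (host fields beginning with "|1|") do not contain the plain hostname, so they will not match by name here.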


Last Modified: January 31, 2008