BNL:  Departments  |  Science  |  ESS&H  |  Newsroom  |  Administration  |  Visitors  |  Directory

search

Logging In

Introduction

The only way to access Blue Gene computing resources remotely (outside the Blue Gene network enclave) is through the Blue Gene ssh gateways. Even users connecting from inside the BNL campus network need to go through the gateways.

Outside the BNL campus the gateways are known as: ssh.bluegene.bnl.gov
Inside the BNL campus they are known as: ssh.bluegene.bnl.local

Notes:

  • Both of the above host names (ending in .gov and .local) refer to the SAME load-balanced gateway servers. The users will access the same gateways whether they are logging in from inside or outside the BNL campus network.
  • All gateways are administered by the ITD Unix group. Blue Gene users having any questions or problems with the gateways should contact the ITD Help Desk via email itdhelp@bnl.gov or call (631) 344-5522.

Top of Page

Accessing the Blue Gene SSH Gateways

A "two factor authentication" method must be used to access any of the BNL ssh gateways. In the case of the Blue Gene gateways, CryptoCards must be used for authentication. Thus, in order to access the Blue Gene ssh gateways remotely, users must have:

  1. A CryptoCard Account, and
  2. An account on the Blue Gene ssh gateways

Instructions on how to obtain a CryptoCard account and a Blue Gene ssh gateway account are listed in Getting an Account .

Having both the above accounts setup, users should then:

  • ssh to the Blue Gene gateways:
    • ssh ssh.bluegene.bnl.gov (outside the BNL network)
    • ssh ssh.bluegene.bnl.local (inside the BNL network)
  • When prompted for a Username type your CryptoCard username.
  • At Password prompt, enter the CryptoCard password that was generated by the CryptoCard token. The password should look like a Telephone Number (make sure you include the dash when typing the password).
  • If you fail to login with an incorrect password, the gateway will display an 8-digit cryptocard challenge (8 digits, no dash). Make note of the cryptocard challenge as you will need it to re-sync your token for a successful login. If you are using a Software Token these screen shots will help resync your token.
  • If you keep failing to login, even after resynchronizing your token, you should contact the ITD Help Desk via email itdhelp@bnl.gov or call (631) 344-5522.
    The most common reasons for repeated login failures are:
    • The cryptocard username and the ssh gateway username do not match.
    • The cryptocard account has been locked due to repeated login failures.
    • The Blue Gene user account was not created and thus the user does not have an account on the ssh gateway.

The BNL CryptoCard Token User Guide provides FAQ's, screen shots and instructions on how to use CryptoCard tokens.

Top of Page

Accessing the Blue Gene Front-End Nodes

There are two Front-End nodes: one for the 18-rack Blue Gene/L machine known as fen.bluegene.bnl.gov and one for the 2-rack Blue Gene/P machine known as fenp.bluegene.bnl.gov. Both nodes can be accessed from the ssh gateways.

A "two factor authentication" is required to access the BlueGene Front-End nodes from the gateway. Users should generate an ssh key pair (using ssh-keygen -t dsa) and email the generated public key to the admins (stratos@bnl.gov).

Note: Some instructions on how to generate ssh keys can be found in the BNL Cyber Security SSH web pages.

Note: You must use a passphrase when generating the keys.

Please send your public key as an attachment to your email rather than simply including it in the body of the mail message.

You cannot send email from the Blue Gene ssh gateways. To email your public ssh key you will have to copy it to another machine.

Users who have trouble emailing their public ssh key can upload it to the Blue Gene ftp site ftp.bluegene.bnl.gov. The site is accessible from the ssh gateways. For more info contact the Admins.

The users will receive an email notification from the Blue Gene admins when the user's public key is deployed. The users should then be able to access the Front-End nodes from the Blue Gene ssh gateways:

  • ssh fen.bluegene.bnl.gov for the BG/L machine
  • ssh fenp.bluegene.bnl.gov for the BG/P machine

Note: The default location of the generated ssh keys is in the user's .ssh directory. The default private key filename is .ssh/id_dsa while the default public key filename is .ssh/id_dsa.pub. However, if you did specify a filename when the keys were generated (when running ssh-keygen) you should provide the location of the private key using the ssh -i option when trying to ssh to the front-end node.

  • ssh -i my_private_key fen.bluegene.bnl.gov

Top of Page

Accessing the Visualization Cluster

Once the user's public key is deployed on the Front-End nodes, the user should be able to access the visualization cluster from the BG ssh gateways:

  • ssh vis1.bluegene.bnl.gov

The user home directories are the same on the FENs and the vis. cluster.

Top of Page

Last Modified: Thursday, June 12, 2008
Please forward all questions about this site to: NYBlue Web Administrator


DOEOne of ten national laboratories overseen and primarily funded by the Office of Science of the U.S. Department of Energy (DOE), Brookhaven National Laboratory conducts research in the physical, biomedical, and environmental sciences, as well as in energy technologies and national security. Brookhaven Lab also builds and operates major scientific facilities available to university, industry and government researchers. Brookhaven is operated and managed for DOE’s Office of Science by Brookhaven Science Associates, a limited-liability company founded by Stony Brook University, the largest academic user of Laboratory facilities, and Battelle, a nonprofit, applied science and technology organization.

Privacy and Security Notice