Logging In, New York Blue, Brookhaven National Laboratory, BNL

The only way to access Blue Gene computing resources remotely (outside the Blue Gene network enclave) is through the Blue Gene ssh gateways. Even users connecting from inside the BNL campus network need to go through the gateways.

Outside the BNL campus the gateways are known as:	ssh.bluegene.bnl.gov
Inside the BNL campus they are known as:	ssh.bluegene.bnl.local

Notes:

Both of the above host names (ending in .gov and .local) refer to the SAME load-balanced gateway servers. The users will access the same gateways whether they are logging in from inside or outside the BNL campus network.
All gateways are administered by the ITD Unix group. Blue Gene users having any questions or problems with the gateways should contact the ITD Help Desk via email itdhelp@bnl.gov or call (631) 344-5522.

Accessing the Blue Gene SSH Gateways

Cryptocard token access was terminated some time ago, mail to all nyblue users at the time was sent indicating this and what they should do.

You must use an RSASecureID token, here are the instructions:

A "two factor authentication" method must be used to access any of the BNL ssh gateways. In the case of the Blue Gene gateways, RSA SecureID must be used for authentication. Thus, in order to access the Blue Gene ssh gateways remotely, users must have:

An RSA SecureID Account, and
An account on the Blue Gene ssh gateways

Instructions on how to obtain a SecureID account and a Blue Gene ssh gateway account are listed in Getting an Account .

Having both the above accounts set up, users should then:

ssh to the Blue Gene gateways:
- ssh ssh.bluegene.bnl.gov (outside the BNL network)
- ssh ssh.bluegene.bnl.local (inside the BNL network)
When prompted for a Username type your SecureID username.
At the
Enter RSA PASSCODE or press return for CRYPTOCARD:
prompt, enter your PIN number followed immediately by the SecureID tokencode that was generated by the SecureID token -- do not embed any hyphens or blanks. The tokencode should be 6 digits.
You must use a different tokencode for each attempt you make to ssh into the Blue Gene gateway, and a new tokencode appears in the RSASecureID token display every 60 seconds. This is discussed further below.
If you fail to login with an incorrect tokencode, the gateway may display
Wait for the tokencode to change, then enter the new tokencode :
You may have made a typo, so wait for a new tokencode to be displayed and then enter the new tokencode.
The RSA SecureID token displays a new tokencode every 60 seconds.
As illustrated in the RSA SecureID User Guide, there is a "count down timer" on the left side of the token display: 5 bars appear there when a new tokencode has just been displayed, then 4 bars, 3, 2, 1, and then 5 bars and a new tokencode are displayed.
A tokencode is the six digits displayed by the RSA SecureID token.
A passcode consists of your PIN number followed immediately by the SecureID tokencode.
If you keep failing to login you should contact the ITD Help Desk via email itdhelp@bnl.gov or call (631) 344-5522.
The most common reasons for repeated login failures are:
- The SecureID account has been locked due to repeated login failures.
- The Blue Gene user account was not created and thus the user does not have an account on the ssh gateway.
- The SecureID username and the ssh gateway username do not match.

The BNL RSA SecureID Token User Guide provides instructions on how to use RSA SecureID tokens.

Accessing the Blue Gene Front-End Nodes

There are two Front-End nodes: one for the 18-rack Blue Gene/L machine known as fen.bluegene.bnl.gov and one for the 2-rack Blue Gene/P machine known as fenp.bluegene.bnl.gov. Both nodes can be accessed from the Blue Gene ssh gateways.

A "two factor authentication" is required to access the BlueGene Front-End nodes from the gateway. Users should generate an ssh key pair on the Blue Gene ssh gateways (using ssh-keygen -t dsa) and email the generated public key to the admins (drs@bnl.gov).

Note: Some instructions on how to generate ssh keys can be found in the BNL Cyber Security SSH web pages.

Note: You must use a passphrase when generating the keys.

Please send your public key as an attachment to your email rather than simply including it in the body of the mail message.

You cannot send email from the Blue Gene ssh gateways. To email your public ssh key you will have to copy it to another machine.

Users who have trouble emailing their public ssh key can upload it to the Blue Gene ftp site ftp.bluegene.bnl.gov. The site is accessible from the ssh gateways. For more info contact the Admins.

The users will receive an email notification from the Blue Gene admins when the user's public key is deployed. The users should then be able to access the Front-End nodes from the Blue Gene ssh gateways:

ssh fen.bluegene.bnl.gov for the BG/L machine
ssh fenp.bluegene.bnl.gov for the BG/P machine

Note: The default location of the generated ssh keys is in the user's .ssh directory. The default private key filename is .ssh/id_dsa while the default public key filename is .ssh/id_dsa.pub. However, if you did specify a filename when the keys were generated (when running ssh-keygen) you should provide the location of the private key using the ssh -i option when trying to ssh to the front-end node.

ssh -i my_private_key fen.bluegene.bnl.gov

Accessing the Visualization Cluster

Once the user's public key is deployed on the Front-End nodes, the user should be able to access the visualization cluster from the BG ssh gateways:

ssh vis1.bluegene.bnl.gov

The user home directories are the same on the FENs and the vis. cluster.

Last Modified: Friday, March 09, 2012
Please forward all questions about this site to: NYBlue Web Administrator