Privacy and Security Notice

CC Home | JLAB Home | JLAB Internal

Helpdesk | Services | Scientific Computing | Networks | Telecommunications | CAD/CAE | Policies

Note: this page describes access to Lab systems by machines that are connecting via the Internet from off-site.

• For dial-in access, see JLab Dial-In Services.
• For instructions on the use of ssh, see SSH Setup and Use at JLab.
• For installation instructions for ssh on Windows, see PuTTY Installation and Configuration.
• Background on ssh can be found at http://www.openssh.org/history.html. OpenSSH is a free implementation of the SSH protocol orginally developed by Tatu Ylönen, now of ssh.com.

Off-site Login Server

Off-site login services are provided by "hardened" servers. These machines are the only means for getting interactive access to on-site hosts. These machines are configured to require a password. Authentication by RSA/DSA keys has been disabled.

Once you have logged into one of these machines using your standard user name and password, you must then use ssh to log into an internal machine, such as jlabs1 or jlabh1. If you have an account on other internal machines, they will also be accessible from this intermediate login.

Note that the use of a telnet client anywhere in your communications link, exposes your password to network sniffers. Please use ssh from end-to-end.

scp may be used on these machines for file transfer. The following directories are accessible:

/home, /group, /site, /scratch

The available machines is

login.jlab.org (also responding as jlab.org)

Please report any problems with access or availability to helpdesk@jlab.org.

Using the Login Servers

Note: You must use an ssh client for your interactive logins. From a UNIX command line, you can do the entire process in one line, as shown below. This allows you to establish a command alias that will do a direct login to your internal machine through the login server. The use of the -t option seems to clean up the password authentication dialog.

Examples using two server names:

To open an X connection from an off-site UNIX/Linux machine (the -f option puts the process in the background after the connection is made):

    ssh -t -f login.jlab.org ssh jlabs1 xterm -name jlabs1
	 
    ssh -t -f jlab.org ssh halldlinux2 xterm -name halldlinux2
	 

To open a command line in your current terminal window:

    ssh -t jlab.org ssh mybox

A single-line transfer of a subdirectory to your remote machine:

    ssh -t jlab.org scp -pr clas-current MyHost.MySite.edu:workdir/clas-Feb2002
  

        Here, clas-current is the name of the source file
        or directory in your home on CUE and clas-Feb2002
        is the name of the destination file or directory on the
        off-site machine.

The use of the -C option to request compression may speed transfers, especially on dial-in connections.