Accessing Brookhaven:

Once you get guest authorization at Brookhaven National Laboratory, and get an account,
(which requires you to take Cyber Security training and easy quiz) you will need to actually get the
ssh public/private keys and upload them to Brookhaven machines(before logging into

Go to the following website (using your favorite brower):

By the time you have your account authorized you will get email (probably from Enrique S. Garcia,
which includes a kerberos 5 password.   This password allows you to access the website link  "SSH key upload "
on the lefthand side of the above website.  (a window pops up and says
"RCF CTS Access" at" Username:     ,  Password:    
This is where you use that password. ) 

>From that link website you can upload your public ssh key.

HOWEVER, you don't have your keys yet.

Go to your lx5 account and go to your  .ssh  directory.
then  type    > 
ssh-keygen -t rsa

This generates a private key and a public key.

Notice that the "
ssh-keygen -t rsa  "  command generates a single fingerprint
for both of your keys that may look like Babble and technically it is called Babble;

e.g. 1a:59:7c:0c:fe:b0:f1:06:9b:24:2c:6b:1d:1a:b2:e0

The fingerprint will be on your command line.  You will need this.

This command will also ask you to generate and then verify a passphrase.
Remember your passphrase. 


rename the public key to

and the private key to      identity

(remember these are in your .ssh directory )

Go back to the browser webpage where you upload your ssh key and fill in the PUBLIC key name
and the fingerprint into the appropriate places.    Then "send file".

[ forget the fingerprint? you can retrieve it by using the commend " ssh-keygen -i -f " on the linux machine.]

You can (probably) log into  So, for example, I would type " ssh "
...and this asks me for my passphrase (which is not the password that Enrique sent you, but rather the passphrase
that you typed in when generating the ssh public/private keys). 

Good luck, and please tell me if problems arise.  Debbie


Nota Bene: Brookhaven is the only site that allows only one public/private key. Other institutions, such as CERN and SLAC allow many public keys so that you can interconnect easily from one site to another.


The following message is from Brookhaven, Susan White-DePace:

IMPORTANT:  If you want to continue to have shell access the ATLAS Computing Facility (ACF) after September 30, 2006, then read the following announcement and follow its instructions.

If you have already uploaded your SSH public key to the ACF using the Web form and you are using the key to login to the "atlasgw" gateways and "aftp"

machine, then you have done what is necessary and do not have to read any further.

AFTER SEPTEMBER 30, 2006, users will no longer be able to login to the ACF gateway machines using static passwords.  After September 30, 2006, "two factor authentication" will be required on all gateway machines.

In order to continue to login to the ACF, you must create an SSH public/private key pair, if you are not yet using them, and upload your public key to the ACF using the web form   For

background information, and detailed instructions, please consult the Web pages linked from "Two Factor Authentication at the ACF" on the ACF page

QUESTIONS should be directed to your ACF Liaison - Hong Ma,, x2919.

Susan White-DePace, Manager
RHIC & AGS Users' Center
Brookhaven National Laboratory
Building 355A
Upton , NY 11973-5000

Phone:  (631) 344-7959
Fax:      (631) 344-8686
Office e-mail:
Personal e-mail:

Usatlas-l mailing list