SSH Bastion Gate Server

Who the service is for

An SSH session gives you a command line session on a Linux system. This service is expressly for users wishing to connect to the Departmental network using SSH. There is also the option of using VPN if you are a remote Microsoft user or have software installed that permits connection to a Microsoft VPN service.

What this service is for

This service is for access into the Departmental network (hence its name, "gate"). If you wish to access basic applications (mail, text editing, document-writing, etc.) from home, or you wish to gain access to your Departmental desktop or favoured compute server (see later), then this is the way to do it.

If you wish to do something compute-intensive, then please do not use this machine. SSH from this machine onto one of the designated Departmental compute servers, or one of the private compute facilities. Do not run jobs on this system.

This system runs a program to lower the nice level of processes that consume too much resource, and the Computing Team will kill any running processes that prevent users from using the gateway.

Reasons for this service

Under firewalled conditions, access to any system on the network is security protected. It is regarded as dangerous to leave open unnecessary network access to our systems and there are occasionally very dangerous exploits in the SSH protocol. It has been decided, therefore, that SSH access should be denied to all systems except certain highly-secure and proactively monitored services. The designated SSH entryway into the Department is via the host This is a Virtual IP address that currently resolves to the real server Any host carrying the GATE service will be especially secured with a hardened operating system and custom-tripwired to prevent crackers from damaging the service. This is a time-consuming and difficult process to configure and monitor, so we do this for only a few systems.

Using the service

The simplest way to connect to a Linux system from a Windows PC is to use PuTTY. Windows users who do not already have a copy of PuTTY can download it from here. There is more local information about PuTTY here.

Using the service is simple. Once you have an SSH client, you can connect to the Departmental network via the command:

# ssh

(please do not attempt to connect directly to blackcap).

If you wish to SSH to your desktop system or favoured compute resource, then you will have to perform this as a two-stage SSH:

# ssh
# ssh your-host

X-applications should work as normal as X11-tunnelling through SSH is permitted.
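
The two-stage login above can also be typed as one command from your own machine. The following is an added example, not part of the original page or the Department's own tooling: GATE_HOST is a placeholder for the gateway hostname, and the function names valid_host, two_stage_cmd and gate_ssh are hypothetical. It checks the target host name before use, because the inner command is interpreted by the shell on the gate.

```shell
#!/bin/sh
# Added example. GATE_HOST is a placeholder (assumption): set it to the
# gateway hostname given by the Department before use.
GATE_HOST="${GATE_HOST:-gate.example.invalid}"

# Accept only plain host names: letters, digits, dots and hyphens.
# A leading hyphen is rejected because ssh would read it as an option, and
# any other character is rejected because the shell on the gate interprets
# the inner command line.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the single command that performs both hops.
#   -t  allocates a terminal on the gate so the inner ssh is interactive
#   -X  on each hop carries X11 through both stages
two_stage_cmd() {
    valid_host "$1" || { echo "refusing unsafe host name: $1" >&2; return 1; }
    printf 'ssh -X -t %s ssh -X %s\n' "$GATE_HOST" "$1"
}

# Perform the two-stage login: gate_ssh your-host
gate_ssh() {
    valid_host "$1" || { echo "refusing unsafe host name: $1" >&2; return 1; }
    ssh -X -t "$GATE_HOST" ssh -X "$1"
}
```

Source the file in your shell and run gate_ssh your-host. Nothing runs on the gate except the inner ssh, which keeps the shared system free for other users.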

If you wish to copy data onto your desktop system, then you will have to SSH to gate, then your system, then initiate an scp or ftp from there. All outbound connections are unblocked.

Please think of others: this is a shared service possibly used by many others. Even an inactive Linux SSH session uses resources so please log out when you have finished.