SSH gateways in Maths

Direct access from the public Internet to almost all internal systems at Imperial College is not possible for security reasons; internal systems are protected by a perimeter firewall such that global access to the college website is about the only service generally accessible to all from outside the college. However, external access is possible using the college's VPN (Virtual Private Network) service and in addition, Maths users can also use one of the Maths SSH gateways instead for direct ssh connections.

ssh gateways are Linux or UNIX systems in Maths that are accessible from outside the college over the Internet and from these, you can connect to internal systems such as the compute clusters, the college HPC or to your own desktop system. They can be regarded as 'stepping stones' between the public Internet and the internal systems protected by the college perimeter firewall.

Three ssh gateways are available to Maths users and are set up in an identical fashion to Maths Linux systems including direct access to both ICNFS and Maths-hosted home directory servers such as the 'silos', clustor, clustor2, etc.

The Maths ssh gateways support the optional 'X forwarding' feature - this can carry graphical X Windows traffic over a secondary channel to your primary ssh connection, allowing you to use these gateways to run graphical programs on systems within college that support the X Window System while controlling it and displaying the graphical output from an external computer. All Linux, UNIX and Mac computers are X Windows-capable and you can run software such as Matlab, Maple, Mathematica, CAD/CFD software, office productivity suites such as OpenOffice/LibreOffice, web browsers, etc remotely on college computers to which you have ssh login access. This provides an alternative to the College VPN service for those who cannot use this for some reason. For more information on how to use X forwarding over ssh, see the ssh pages; for Linux/UNIX users, using graphical programs over ssh/X-forwarding is to be preferred as it is noticeably faster than VPN.

A reasonable range of applications and software is installed on these gateways so that they can be used for various non-resource intensive tasks but please do not run compute jobs on them! They are not fast machines with lots of memory.

To ensure some variety, the ssh gateways run different operating systems including Ubuntu Linux, openSuSE Linux and FreeBSD UNIX so if you are considering choosing a Linux or UNIX operating system for yourself, you may find it useful to try out different gateway machines out to see which one you like best. But for most users interested in using these gateways simply to access other internal systems, all three behave in the same way.

You can stay logged into a ssh gateway for as long as you like and there are no time or usage limits. However, if you are logged into a Maths ssh gateway from a Virgin Media residential cable broadband connection using a standard Superhub 2 modem-router supplied by Virgin (a black unit with red and blue status LEDs), you may find your ssh connections are terminated after 2 or 3 minutes of inactivity. This happens with any ssh connection - not just to the Maths ssh gateways - and is a known issue with Superhub 2's; the workaround is to enable TCP keepalives in your ssh client which essentially sends dummy packets over your ssh connection every few minutes even if you are not doing anything on your computer. (These irritating ssh disconnections may also happen with other ISP's broadband hardware - Virgin have never come up with a satisfactory explanation of why their custom Superhub 2 firmware has been changed to do this). The newer Superhub 3 introduced in 2015 does not exhibit this behaviour.

Below is a list of the Maths Linux and UNIX gateways that are accessible to all Maths users from outside the college via ssh:

hessian HP dc7600 system running Ubuntu Linux 18.04
aachen ** HP dc7600 system running FreeBSD 12.2
cathedral ** HP dc7600 system running OpenSuSE Leap 15.2 Linux

** Please contact Andy Thomas for some important additional information before attempting to use the aachen and cathedral gateways

Andy Thomas

Research Computing Manager,
Department of Mathematics

last updated: 7.5.2021