Skip to end of metadata
Go to start of metadata

Passwordless ssh access between computers at ECMWF can be achieved by setting up the "ssh trust".  If the command ssh to any ecmwf computer asks for a password, please follow these instructions.

Create RSA keys if not present:

Check whether the RSA key is present in your ~/.ssh directory:


% ls ~/.ssh/id_rsa*


If the key does not exist then create it with the following commands:


% ssh-keygen -t rsa                          # press 'enter' 3 more times

Finally add the key to your authorised keys:

% cat ~/.ssh/ >> ~/.ssh/authorized_keys

If you have access to the supercomputers, as they have a different home, you will have to copy the keys there to enable the passwordless access on those:

% rsync -av ~/.ssh cca:



If ssh still asks for a password, please check the following:

  1. The home directory permissions have to be at least 755.
  2. The .ssh directory permissions have to be at least 755.




  1. I suppose this classical key generating is not possible for computers outside ECMWF. Could you please confirm?


    1. Dear Harold,

      Unfortunately it is not possible to use key based authentication when connecting from a host outside ECMWF network. The access is done through the ecaccess service with one-time-password token authentication.