...
The OpenSSH configuration setting for this is named ProxyJump
.
See the Legacy Configuration note below if your ssh client is older than 7.3.
Destination Hosts available
...
- Linux VDI (both legacy OpenSUSE and CENTOS 8 beta)
- Physical office workstations
- ecGate
- HPC2020 TEMS
Configuring passwordless login
With the initial configuration you may be prompted for a password at the destination-host
.
For login without a password, add the Teleport certificate authority to your ~/.ssh/authorized_keys
file:
Code Block | ||||
---|---|---|---|---|
| ||||
curl -fs https://nexus.ecmwf.int/repository/internal-teleport-configs/prod/teleport_user_ca.pub >> ~/.ssh/authorized_keys |
Tip |
---|
This configuration will allow access to any host which mounts the same |
Other Notes
SCP, X11, Agent, and Port Forwarding
scp, agent, and port forwarding will work through the Teleport gateway.
Note |
---|
X11 forwarding will work in a couple of months when we have an update from the vendor. |
Legacy Configuration
For OpenSSH clients older than 7.3, the following will work in your ~/.ssh/config
file:
Code Block | ||
---|---|---|
| ||
Host ecgate Username ab0 ProxyCommand /usr/bin/ssh -q -W %h:%p shell.ecmwf.int |
...
Difficult client environments
You might not be able to download and run tsh
, or access our web login service, from where you wish to use ssh.
...
This is a good way to access Teleport credentials via a shared file system from any host.
Configuring passwordless login
With the initial configuration you may be prompted for a password at the destination- host.
For login without a password, add the Teleport certificate authority to your ~/.ssh/authorized_keys
file:
Code Block | ||||
---|---|---|---|---|
| ||||
curl -fs https://nexus.ecmwf.int/repository/internal-teleport-configs/prod/teleport_user_ca.pub >> ~/.ssh/authorized_keys |
Tip |
---|
This configuration will allow access to any host which mounts the same |
SCP, X11 and Port Forwarding
scp and port forwarding will all work through the Teleport gateway.
...
.