...

The OpenSSH configuration setting for this is named ProxyJump.

See the Legacy Configuration note below if your ssh client is older than 7.3.

Destination Hosts available

...

• Linux VDI (both legacy OpenSUSE and CENTOS 8 beta)
• Physical office workstations
• ecGate
• HPC2020 TEMS

Configuring passwordless login

With the initial configuration you may be prompted for a password at the destination-host.

For login without a password, add the Teleport certificate authority to your ~/.ssh/authorized_keys file:

curl -fs https://nexus.ecmwf.int/repository/internal-teleport-configs/prod/teleport_user_ca.pub >> ~/.ssh/authorized_keys

Other Notes

SCP, X11, Agent, and Port Forwarding

scp, agent, and port forwarding will work through the Teleport gateway.

Legacy Configuration

For OpenSSH clients older than 7.3, the following will work in your ~/.ssh/config file:

Host ecgate
  Username ab0
  ProxyCommand /usr/bin/ssh -q -W %h:%p shell.ecmwf.int

...

Difficult client environments

You might not be able to download and run tsh, or access our web login service, from where you wish to use ssh.

...

This is a good way to access Teleport credentials via a shared file system from any host.

Configuring passwordless login

With the initial configuration you may be prompted for a password at the destination- host.

For login without a password, add the Teleport certificate authority to your ~/.ssh/authorized_keys file:

curl -fs https://nexus.ecmwf.int/repository/internal-teleport-configs/prod/teleport_user_ca.pub >> ~/.ssh/authorized_keys

SCP, X11 and Port Forwarding

scp and port forwarding will all work through the Teleport gateway.

...

.